2. Team Structure
Hassan Sadiq (Roll No): Importance and Implementation
Hassan Sadiq (Roll No): Introduction and Working
Hassan Sadiq (Roll No): Market Overview and WAFs Demo
3. Outline
01 What is a Web Application Firewall (WAF)?
02 Features & Functionality
03 How does it work?
04 Types of Web Application Firewall
05 What is the difference between blocklist and allowlist WAFs?
06 Importance
07 What is the difference between WAFs and….?
08 WAF Drivers
09 Deployment Modes
10 Implementation Considerations
4. Outline
11 WAF Market Overview
12 WAFs Application and Advantages
13 WAF vs. firewall
14 Commercial vs. open-source WAFs
15 Short WAF Demo
16 Reference
17 Q/A
[Diagram: Users -> Internet -> Web Application Firewall -> Web Servers]
6. What is a Web Application Firewall (WAF)?
A web application firewall (WAF) is a firewall that monitors, filters, and blocks data packets as they travel to and from a website or web application.
It is a software or hardware solution that protects your web-enabled applications from threats and attacks.
7. What is a Web Application Firewall (WAF)?
WAFs prevent the following common web application attacks:
11. How does it work?
Three Basic Security Models
01 Whitelisting model
02 Blacklisting model
03 Hybrid model
12. Types of Web Application Firewall
There are 3 types of WAFs on the market. They all achieve the same goal, but they are installed and deployed in different locations.
01 Hardware-based WAF
A hardware-based WAF is deployed as a hardware appliance, installed locally within the network close to the web application servers.
02 Cloud-based WAF
A cloud-based WAF is managed by a service provider that offers the WAF as security-as-a-service.
03 Software-based WAF
A software-based WAF is a virtual appliance that is hosted either locally or in the application's cloud environment.
13. What is the difference between blocklist and allowlist WAFs?
Both blocklists and allowlists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model that implements both.
14. Importance
A WAF acts as a guard intended explicitly to monitor web-based traffic: it screens all incoming and outgoing HTTP requests to block anything malicious. WAFs are programmed to detect several common threats, such as:
- SQL injection
- Path traversal
- XSS attack
A WAF is a fast and cost-effective way to enhance the security of your computer network.
15. Importance
01 SQL Injection
An SQL injection vulnerability allows an attacker to inject malicious SQL into a query, giving them control over what the database executes.
02 Path Traversal
A directory traversal attack is an exploit whereby an attacker accesses data stored outside of the web root folder.
03 XSS Attack
A cross-site scripting attack is an exploit where an attacker runs a malicious script in a user's browser.
16. What Is an NGFW?
• A next-generation firewall (NGFW) is a type of application firewall that combines the best features of a traditional network firewall and a web application firewall.
• Acts as a firewall that blocks incoming requests by inspecting the network layer packets.
• Allows security admins to handle more advanced scenarios and block more sophisticated threats.
17. Difference
NGFW vs. First-gen FW?
WAFs act as a guard intended explicitly to monitor web-based traffic. In practice, a WAF resides in front of a web application, like a bodyguard, and screens all incoming and outgoing HTTP traffic to block anything malicious. WAFs are designed to work in conjunction with a full suite of security products such as traditional firewalls and intrusion prevention systems.
WAFs help to secure against these threats:
SQL Injection: An SQL injection attack is often the result of a software security vulnerability (less than perfect backend code). A WAF can protect against SQL injection by blocking requests that match suspicious signatures. Without a WAF, it is easier for an attacker to pass off a fraudulent request as authentic.
Path Traversal: A WAF protects against this attack by scanning HTTP requests and preventing attackers from uploading attack archives to the system.
XSS Attack: Similar to SQL injection prevention, a WAF can prevent an XSS attack by scanning requests against security signatures. Requests associated with suspicious signatures are blocked.
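As an added illustration of the three security models from slides 11 and 13 and of the signature-based detection described in the notes above (example code written for this page, not a WAF product's own rules), the following Python filter applies a small blocklist of signatures for SQL injection, path traversal and XSS, an allowlist describing two hypothetical endpoints (/login and /files, constructed for the example), and a hybrid decision that runs the allowlist first and the blocklist second.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Blocklist (negative model): signatures for the three attack classes named on the slides.
# Deliberately minimal; a production rule set is far larger and tuned per application.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|;\s*drop\s+table", re.I),
    "path_traversal": re.compile(r"\.\.[/\\]"),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
}

# Allowlist (positive model): what a legitimate request to each endpoint may look like.
# The two endpoints and their parameter shapes are constructed for this example.
ALLOWLIST = {
    "/login": {"methods": {"POST"}, "params": {"user": r"[a-z0-9_]{3,32}", "pass": r".{8,128}"}},
    "/files": {"methods": {"GET"}, "params": {"name": r"[A-Za-z0-9_.-]+"}},
}

@dataclass
class Request:
    method: str
    path: str
    params: dict

def blocklist_check(req):
    """Return the name of the first matching signature, or None if nothing matches."""
    # Decode once so URL-encoded payloads (%27, %2e%2e) are inspected in clear form.
    text = unquote(" ".join([req.path, *req.params, *req.params.values()]))
    return next((name for name, pat in SIGNATURES.items() if pat.search(text)), None)

def allowlist_check(req):
    """Return None if the request fits the positive model, otherwise the violated rule."""
    rule = ALLOWLIST.get(req.path)
    if rule is None or req.method not in rule["methods"]:
        return "path or method not allowed"
    for key, value in req.params.items():
        spec = rule["params"].get(key)
        if spec is None or not re.fullmatch(spec, value):
            return f"parameter {key} not in allowlist"
    return None

def hybrid_decision(req):
    """Hybrid model: the allowlist decides structure first, the blocklist then catches known-bad content."""
    reason = allowlist_check(req)
    if reason:
        return "block", f"allowlist: {reason}"
    if sig := blocklist_check(req):
        return "block", f"blocklist: {sig}"
    return "allow", "ok"
```

The hybrid case shows why the slides recommend combining both models: a password field that the allowlist must accept freely can still carry an SQL injection payload, which only the blocklist signature catches.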