2. What is WAF
• WAF stands for Web Application Firewall
• It is used to protect web applications from attacks such as SQL injection, command
injection and application-layer DDoS attacks
• Monitors HTTP/HTTPS/SOAP web service traffic between clients and servers and
compares it against the predefined signatures and policies held in its rule database
• Its basic goal is to monitor and block content that violates a predefined policy
• Available as software, as an appliance, or delivered as a service
3. Need of WAF
• Organizations and other business units employ a WAF to defend themselves and
their clients from cyber attacks.
• Helps protect companies involved in e-commerce, online financial services and
other web-based products from data theft and other fraud.
• A WAF adds an extra layer of defence to an already robust application security
program; it complements secure development rather than replacing it.
• Helps security professionals receive alerts for activity that violates
predetermined guidelines and rules.
4. Working of WAF
• Protects the web application by filtering and monitoring HTTP/HTTPS traffic
coming to the application, and can inspect responses to stop unauthorized data from
leaving the application.
• Applies a rule set (signatures, anomaly scoring or a positive-security model of
allowed input) to decide whether each request is malicious.
• Typically functions as a reverse proxy, so the web application server is never
exposed directly to malicious clients.
• Policies can be customized to meet the needs of your web application.
5. General Techniques to by-pass WAF
• Null character injection: inserting %00 so a WAF that treats NUL as a string
terminator stops reading before the malicious part of the payload
• Inline comments: breaking up SQL with /**/ so a keyword sequence no longer matches
a signature while the database still parses it
• Buffer overflow (oversized requests): padding the request beyond the size the WAF is
willing to inspect, so the payload placed at the end is never examined
• Keyword splitting: separating keywords with comments, line breaks or unusual
whitespace that the back end tolerates but the signature does not expect
• URL encoding: encoding or double-encoding characters so that the WAF's single
decoding pass sees harmless text while the application decodes it fully
• Ignoring cookies: placing the payload in a cookie when the WAF inspects only the
query string and body
• Using Data URIs: delivering script or HTML through a data: URI so a signature that
looks for a literal <script> tag never fires
• Header Injection: placing the payload in an HTTP header the WAF does not inspect or
forwards unchanged
• Replaced keywords: against WAFs that strip blacklisted words, nesting them
(SELSELECTECT) so that the removal itself leaves the keyword behind
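To make the rule-based filtering from "Working of WAF" and the bypass list above concrete, the following added example (written for this page, not code from the deck or from any WAF product) models a naive signature engine next to a hardened one. The signatures, request dictionaries, the 4096-byte inspection limit and the function names are all constructed assumptions for illustration; a real rule set such as the OWASP Core Rule Set is far larger and uses anomaly scoring. The naive engine inspects only the query string, decodes it once, stops at a NUL byte and silently truncates oversized input, so the null-byte, inline-comment, double-encoding, oversize, cookie and header samples all slip past it. The hardened engine normalizes every request component before matching and fails closed on oversize. A second pair of functions shows why the "replaced keywords" trick works against a WAF that sanitizes by deleting each blacklisted word once, and why stripping to a fixed point (or simply blocking) closes it. Data URIs are not modelled here because they need an HTML-aware rule rather than a plain regex.

```python
import re
from urllib.parse import unquote

# Constructed, illustrative signatures only; a real rule set (e.g. the OWASP
# Core Rule Set) has hundreds of rules and scoring, not three regexes.
SIGNATURES = [
    re.compile(r"\bunion\b\s+\bselect\b", re.I),
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bor\b\s+1\s*=\s*1", re.I),
]
INSPECT_LIMIT = 4096    # assumed budget: naive engine truncates here, hardened engine rejects
MAX_DECODE_ROUNDS = 3   # enough to undo double/triple percent-encoding


def naive_is_blocked(req: dict) -> bool:
    """Deliberately weak engine: query string only, decoded once, NUL treated
    as a C string terminator, and silent truncation past INSPECT_LIMIT."""
    data = unquote(req.get("query", ""))
    data = data.split("\x00", 1)[0]     # strlen()-style: NUL ends the buffer
    data = data[:INSPECT_LIMIT]         # inspection budget exhausted, tail unseen
    return any(sig.search(data) for sig in SIGNATURES)


def normalize(s: str) -> str:
    """Canonicalise input before matching so encoding tricks collapse to plain text."""
    for _ in range(MAX_DECODE_ROUNDS):  # undo nested percent-encoding
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    s = s.replace("\x00", "")                        # NUL is just another byte here
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)     # SQL inline comments act as whitespace
    return re.sub(r"\s+", " ", s)                    # tabs, newlines etc. become one space


def hardened_is_blocked(req: dict) -> bool:
    """Inspect every request component on normalized text; fail closed on oversize."""
    parts = [req.get("path", ""), req.get("query", ""), req.get("body", "")]
    parts += list(req.get("headers", {}).values())
    parts += list(req.get("cookies", {}).values())
    for part in parts:
        if len(part) > INSPECT_LIMIT:
            return True                 # too large to inspect: block, never skip
        if any(sig.search(normalize(part)) for sig in SIGNATURES):
            return True
    return False


def naive_sanitize(s: str) -> str:
    """Keyword-stripping 'cleaner' that removes each blacklisted word once."""
    for kw in ("union", "select"):
        s = re.sub(kw, "", s, count=1, flags=re.I)
    return s


def hardened_sanitize(s: str) -> str:
    """Strip repeatedly until a fixed point so pieces cannot reassemble a keyword."""
    while True:
        stripped = re.sub(r"union|select", "", s, flags=re.I)
        if stripped == s:
            return s
        s = stripped


# Constructed sample requests, one per bypass technique from the list above.
BYPASS_SAMPLES = {
    "null byte":       {"query": "id=1%20UNI%00ON%20SELECT%201"},
    "inline comment":  {"query": "id=1%20UNION/**/SELECT%201"},
    "double encoding": {"query": "id=1%2520UNION%2520SELECT%25201"},
    "oversize pad":    {"query": "pad=" + "A" * 5000 + "&id=1%20UNION%20SELECT%201"},
    "cookie":          {"query": "id=1", "cookies": {"session": "x' UNION SELECT 1--"}},
    "header":          {"query": "id=1", "headers": {"X-Forwarded-For": "<script>alert(1)</script>"}},
}
BENIGN = {"query": "q=union+station+select+seats"}   # no attack: must pass both engines
NESTED_KEYWORDS = "UNIUNIONON SELSELECTECT"          # "replaced keywords" bypass


def evaluate() -> dict:
    """Map each sample name to (naive_blocked, hardened_blocked)."""
    return {name: (naive_is_blocked(r), hardened_is_blocked(r))
            for name, r in BYPASS_SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in evaluate().items():
        print(f"{name:16s} naive={'BLOCK' if naive else 'pass '} hardened={'BLOCK' if hardened else 'pass '}")
    print("benign           naive=%s hardened=%s" % (naive_is_blocked(BENIGN), hardened_is_blocked(BENIGN)))
    print("naive_sanitize    ->", repr(naive_sanitize(NESTED_KEYWORDS)))
    print("hardened_sanitize ->", repr(hardened_sanitize(NESTED_KEYWORDS)))
```

Every bypass sample passes `naive_is_blocked` and is caught by `hardened_is_blocked`, while the benign query passes both, which is the property a rule set has to keep as it is hardened. Two design points carry over to real deployments: normalization has to happen before matching and has to cover every input vector (path, query, body, headers, cookies), and an input that exceeds the inspection budget must be rejected rather than partially scanned. The sanitize pair also shows that deleting keywords is a poor control even when done to a fixed point; blocking the request is the safer action.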
6. Modes of Deployment
• (1) Cloud based, fully managed as a service – recommended as the fastest and lowest-effort
way to put a WAF in front of your apps
• (2) Cloud based + self managed – all the flexibility and security policy portability of the
cloud while still retaining control of traffic management and security policy settings
• (3) Cloud based + auto provisioned – the easiest way to start a WAF in the cloud; deploys a
security policy in an easy, cost-effective way
• (4) On-premises advanced WAF – recommended for the most demanding deployment
requirements, where flexibility, performance and more advanced security concerns are mission
critical
7. Advantages of WAF
• Protects against attacks such as SQL injection, XSS, application-layer DDoS and application-specific attacks
• Provides automatic protection from diverse threats through strong default rule sets
• Provides real-time reporting and robust logging
• Lets security teams decide, through the WAF policy, what should be allowed and what
should not
• Gives teams timely notification of an attack in progress so that they can respond much
more rapidly to potential security incidents
8. Comparison of Network Firewall & WAF
Network Firewall
• Offers DDoS protection at the network layer
• Offers minimal web application protection
• Has little or no application-layer threat detection/prevention
• Does not inspect SSL/TLS-encrypted traffic
• Works at layers 3 and 4 of the OSI model
Web Application Firewall
• Offers protection at the application layer
• Offers extensive web application protection, including full application-layer coverage
• Uses signatures, protocol anomaly detection and application-specific anomaly detection
• Terminates SSL/TLS so that encrypted traffic can be inspected
• Works at layer 7 of the OSI model (as a reverse proxy it also handles layers 3 and 4)
9. Conclusion
There are many benefits to having a web application firewall as part of your
business compared with relying on a network firewall alone. A network firewall offers
only minimal web application protection, whereas a WAF offers extensive protection,
including full application-layer coverage of the web application.