Web Application Firewall

A cybersecurity control that works like a filter and protects web and application servers so that they stay online 24x7.

As companies rapidly increase their use of web applications to deliver a solution or service, application-layer attacks pose a greater risk to productivity and security. A WAF is therefore crucial to protect against rapidly emerging web security threats.

What Types of Threats Do WAFs Prevent?

Injection attacks: When untrusted data is sent to an interpreter, an attacker can inject malicious code.

Broken authentication: If authentication mechanisms are not implemented properly, attackers can exploit these vulnerabilities.

Sensitive data exposure:  Since many web applications and APIs lack data security, attackers can exploit sensitive financial, healthcare, and personal information.

XML external entities (XXE): Many legacy XML processors evaluate external entities, which can be leveraged to disclose internal files.

Bots:  Programs that interact with our applications and often mimic human interaction.

Broken access controls:  When user access and restrictions are not enforced, unauthorized users can potentially access confidential files.

Unknown vulnerabilities:  Signature-based solutions cannot protect against newly discovered vulnerabilities. A robust WAF solution must be able to defend against threats for which no signatures exist.

Security misconfiguration:  Default or ad-hoc configurations can lead to security misconfigurations that lead to vulnerabilities.

Cross-site scripting (XSS):  When an application includes untrusted data without validation, XSS flaws occur that can be used to perform attacks.

Insecure deserialization:  Leads to remote code execution which can be used to perform attacks.

Zero-day attacks:  Attacks that target previously unknown flaws in an application. When a threat actor discovers a zero-day vulnerability, they can use it to exploit systems that do not have additional defensive measures in place, such as a WAF.

Using components with known vulnerabilities: Components often run with the same privileges as the application. If a vulnerability occurs, all components and applications can be compromised.

Insufficient logging and monitoring:  Logging and monitoring that does not integrate with an incident response technology creates insufficient processes.

Malicious uploads: A large number of web applications allow users to upload their own content, which can include a variety of malicious code payloads.

Distributed Denial of Service (DDoS): DDoS attacks can attempt to simply flood the system with traffic or may attempt to exploit a flaw in the application logic so that the application does not respond to user requests.

WEB APPLICATION PROTECTION

There are two basic types of traffic on websites: humans and bots. Bots are mostly associated with cyber attacks. There are many attacks that traditional firewalls do not detect. Modern threats use authorized protocols to attack an application, so the attack looks like genuine requests to the application. Because these requests appear legitimate to traditional firewalls, they are allowed through.

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt a service and one of the most harmful weapons on the internet. The attacker tries to make the host website unavailable by flooding it with too much traffic. This temporarily suspends or interrupts the online service of the host server. The impact can range from a minor disruption in the service to taking down the entire website. In DoS attacks the attacker may use one or multiple systems, which makes it really tedious to detect the source of the attack.

If the attacker manages to overwhelm the limit of the server, the website will no longer be accessible.

Place a cop in front of your web applications that inspects all incoming and outgoing web-based requests, and detects and blocks any traffic that is malicious. Don’t let DDoS attacks affect your website’s functioning.

Unlike a normal firewall, WAF detects automated malicious attacks by performing deep inspection of every request & response for all common forms of web traffic.

A few examples of the different layers of threats WAF blocks
  • Layer 3, the Network layer. Attacks are known as Smurf Attacks, ICMP Floods, and IP/ICMP Fragmentation.
  • Layer 4, the Transport layer. Attacks include SYN Floods, UDP Floods, and TCP Connection Exhaustion.
  • Layer 7, the Application layer. Mainly, HTTP-encrypted attack.
Challenges
  • AWS Web Application Firewall (WAF) is a service that helps you protect your cloud resources from malicious web requests. AWS WAF allows you to apply security rules to block bot traffic and common web request attacks.
  • AWS WAF supports a number of pre-configured rules provided by AWS as well as letting you configure custom rules specific to your applications and systems.
  • Learning how to use AWS WAF will make you more effective at deploying secure solutions in the AWS public cloud.
  • In this lab challenge, you will be tested on your practical ability to build out a solution in a production-like AWS environment. You are presented with a task and a set of requirements that you must fulfill to pass the challenge.
  • This is a real environment, which means you can prove your knowledge in an applied situation, leaving behind multiple choice questions for a dynamic performance-based exam situation.
Solution
  • During a DDoS attack an abnormally high number of requests is sent to the host’s system, causing it to break down because the system is unable to process this amount of traffic
  • A successful attack can add unwanted cost to your IT setup and infrastructure. More significantly, it can lead to loss of brand and customer satisfaction
  • The processing of normal requests is, in turn, slowed down or even blocked completely
  • The DDoS attack comes from head computers across the globe. It’s also difficult to pinpoint from where and when it’s happening

DDoS protection is an automated service that intelligently blacklists IP addresses that it recognizes as a malicious attack. It can also detect DDoS small trails and can ensure protection. DDoS solutions can give you reports on a daily attack basis. It also supports the extension of validation of SSL. A DDoS protection solution can detect all types of DDoS attack, including UDP, SYN and HTTP floods. DDoS attacks from any location in the world can be detected and blocked.

BENEFITS OF WAF
  • Defends web applications, stops cookie poisoning, prevents SQL injection, obstructs XSS and mitigates DoS attacks.
  • Protects Web applications and APIs from internal and external automated attacks
  • Signature based protection with positive security models and anomaly exposure
  • Functions like a reverse proxy: it protects the server from being exposed by making clients pass through the WAF before reaching the server.
  • Formulate policies that suit your organization to shield your applications against vulnerabilities
  • Faster, easier security deployments for quicker mitigations and time-to-value.
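
The difference between signature-based filtering and a positive security model, mentioned in the benefits above and under "Unknown vulnerabilities", shown as an added example (not code from this page or from any WAF product). The `/product` endpoint, its `id` and `lang` parameters, the two signatures and the sample requests are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Negative model: block only what matches a known-bad signature (constructed, minimal set).
SIGNATURES = [
    re.compile(r"<\s*script", re.I),          # common XSS marker
    re.compile(r"'\s*or\s+1\s*=\s*1", re.I),  # classic SQL injection tautology
]

# Positive model: allow only known endpoints, known parameters and expected formats.
# The endpoint and parameter names are hypothetical.
ALLOWED = {
    "/product": {"id": re.compile(r"\d{1,6}"), "lang": re.compile(r"[a-z]{2}")},
}

def signature_verdict(path, query):
    """Return 'block' if any parameter value matches a known signature."""
    for _, value in parse_qsl(query, keep_blank_values=True):
        if any(sig.search(value) for sig in SIGNATURES):
            return "block"
    return "allow"

def positive_verdict(path, query):
    """Return 'allow' only if the path is known and every parameter fits its format."""
    schema = ALLOWED.get(path)
    if schema is None:
        return "block"
    for name, value in parse_qsl(query, keep_blank_values=True):
        rule = schema.get(name)
        if rule is None or not rule.fullmatch(value):
            return "block"
    return "allow"

# Constructed sample requests: (path, query string)
SAMPLES = [
    ("/product", "id=42&lang=en"),                      # normal traffic
    ("/product", "id=1' OR 1=1 --"),                    # matches a signature
    ("/product", "id=42&lang=en&debug=%7B%7Bx%7D%7D"),  # no signature exists for this
]

def evaluate(samples=SAMPLES):
    """Return (signature verdict, positive-model verdict) for each sample."""
    return [(signature_verdict(p, q), positive_verdict(p, q)) for p, q in samples]

if __name__ == "__main__":
    for (path, query), verdicts in zip(SAMPLES, evaluate()):
        print(path, query, verdicts)
```

The third request passes the signature check because nothing in the list describes it, while the positive model rejects it for carrying a parameter the application never declared.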

QUERY

    frequently asked questions

    • Any business that uses a website as a source to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.

      Some specific types of organizations who may be more prone to web attacks include:
    • E-commerce sites
    • Online financial services
    • Lead generation sites
    • Online healthcare services
    • Any organization required to follow compliance standards such as PCI DSS or HIPAA
    Next-Gen Firewalls:
    • Your primary firewall
    • Identify application traffic regardless of where it comes in from or its destination
    • Use Microsoft AD to add user information to traffic and policies
    • Packet and application protocol aware
    Web Application Firewalls:
    • Inspects traffic at Layer 7
    • Can model and learn rules based on the web application
    • Protects web applications from OWASP vulnerabilities
    • Application and content aware
    • No. There is no impact on SEO. The only case where this might be an issue is if the user inadvertently blocks Google IP ranges thinking they belong to a malicious scanner. This will not happen with traditional WAF service providers.

    • WAFs are an important security tool, but they are not a substitute for other security tools and controls. For those that lack an appropriate security posture, WAF technologies may be problematic in giving a false sense of security.