Web application firewalls (WAF)
Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.
A WAF protects a Web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTML, HTTPS, SOAP and XML-RPC data packet. Through customizable inspection, it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems often cannot. A WAF is also able to detect and prevent new, previously unknown attacks by watching for unfamiliar patterns in the traffic data.
Benefits
- Full support for HTTP:
  - Access to individual fields (field content, length, field count, etc.).
  - Entire transaction (both request and response).
  - Uploaded files.
- Anti-evasion features (also known as normalisation/canonicalisation/transformation features).
- Blocking features:
  - Transaction
  - Connection
  - IP address
  - Session
  - User
  - Honeypot redirection
  - TCP/IP resets (connection)
  - Blocking via external device
- Stateful operation:
  - IP address data
  - Session data
  - User data
  - Event correlation
- High availability:
  - Failover
  - Load-balancing
  - Clustering
  - State replication
- Cookie protection: sign/encrypt/virtualise.
- Hidden field protection: sign/encrypt/virtualise.
- Session management protection:
  - Enforce session duration timeout and inactivity timeout.
  - Prevent fixation.
  - Virtualise session management.
  - Prevent hijacking, or at least warn about it.
- Brute-force protection
- Link validation:
  - Signing
  - Virtualisation
- Request flow enforcement:
  - Statically
  - Dynamically
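The "sign" option under cookie protection and hidden field protection works the same way for both: the WAF appends a keyed MAC to each value it hands out and, on the way back in, refuses values whose MAC is missing or does not verify. The following is an added example illustrating that mechanism for cookies, not code from any WAF product; the key, the cookie names and the `value.mac` encoding are assumptions made for the demonstration.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment loads this from a secret store.
SECRET = b"constructed-demo-key-not-for-production"


def _mac(name: str, value: str) -> str:
    """HMAC-SHA256 over 'name=value', base64url without padding (no '.' chars)."""
    tag = hmac.new(SECRET, f"{name}={value}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode()


def sign_value(name: str, value: str) -> str:
    """Outbound: bind the value to its name with a MAC so edits are detectable."""
    return f"{value}.{_mac(name, value)}"


def verify_value(name: str, signed: str):
    """Inbound: return the original value, or None if the MAC is absent or wrong."""
    value, sep, tag = signed.rpartition(".")
    if not sep or not hmac.compare_digest(tag, _mac(name, value)):
        return None
    return value


def protect_set_cookie(header: str) -> str:
    """Rewrite a Set-Cookie header value, signing the cookie but leaving attributes alone."""
    pair, *attrs = header.split(";")
    name, _, value = pair.strip().partition("=")
    return "; ".join([f"{name}={sign_value(name, value)}", *(a.strip() for a in attrs)])


def check_cookie_header(header: str):
    """Check an inbound Cookie header; return (verified cookies, names that failed)."""
    accepted, rejected = {}, []
    for pair in header.split(";"):
        name, sep, signed = pair.strip().partition("=")
        if not sep:
            continue
        value = verify_value(name, signed)
        if value is None:
            rejected.append(name)  # tampered, forged or never signed by us
        else:
            accepted[name] = value
    return accepted, rejected
```

A WAF that takes the "virtualise" route instead keeps the real value server-side and hands the client only an opaque reference, so there is nothing for the client to modify at all.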