Web application firewalls (WAF)

Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

A WAF protects a Web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTML, HTTPS, SOAP and XML-RPC data packet. Through customizable inspection, it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of doing. A WAF is also able to detect and prevent new unknown attacks by watching for unfamiliar patterns in the traffic data.

Benefits

Full support for HTTP:

Access to individual fields (field content, length, field count, etc).

Entire transaction (both request and response).

Uploaded files.

Anti-evasion features (also known as normalisation/canonicalisation/transformation features).

Blocking features:

Transaction

Connection

IP Address

Session

User

Honeypot redirection

TCP/IP resets (connection)

Blocking via external device

Stateful operation:

IP Address data

Session data

User data

Event Correlation

High availability:

Failover

Load-balancing

Clustering

State replication

Cookie protection

Sign/encrypt/virtualise

Hidden field protection

Sign/encrypt/virtualise

Session management protection

Enforce session duration timeout, inactivity timeout.

Prevent fixation.

Virtualise session management.

Prevent hijacking or at least warn about it.

Brute-force protection

Link validation

Signing

Virtualisation

Request flow enforcement

Statically

Dynamically