Web application firewalls (WAF)

Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

A WAF protects a Web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTTP, HTTPS, SOAP and XML-RPC data packet. Through customizable inspection, it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of doing. A WAF is also able to detect and prevent new, unknown attacks by watching for unfamiliar patterns in the traffic data.

Benefits

  • Full support for HTTP:
      • Access to individual fields (field content, length, field count, etc.).
      • Entire transaction (both request and response).
      • Uploaded files.
  • Anti-evasion features (also known as normalisation/canonicalisation/transformation features).
  • Blocking features:
      • Transaction
      • Connection
      • IP address
      • Session
      • User
      • Honeypot redirection
      • TCP/IP resets (connection)
      • Blocking via external device
  • Stateful operation:
      • IP address data
      • Session data
      • User data
      • Event correlation
  • High availability:
      • Failover
      • Load-balancing
      • Clustering
      • State replication
  • Cookie protection:
      • Sign/encrypt/virtualise
  • Hidden field protection:
      • Sign/encrypt/virtualise
  • Session management protection:
      • Enforce session duration timeout and inactivity timeout.
      • Prevent fixation.
      • Virtualise session management.
      • Prevent hijacking, or at least warn about it.
  • Brute-force protection
  • Link validation:
      • Signing
      • Virtualisation
  • Request flow enforcement:
      • Statically
      • Dynamically
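As an added illustration (not code from the original page or from any particular WAF product), the following Python sketches two of the features listed above: the anti-evasion canonicalisation that runs before rule matching, and HMAC signing of a cookie or hidden-field value so that client-side tampering is detected. The rules, the signing key and the field names are constructed for the example.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import unquote_plus

# Constructed example key; a real deployment loads this from a key store.
SIGNING_KEY = b"example-key-not-for-production"


def canonicalise(value: str) -> str:
    """Anti-evasion step: strip the encodings a client can layer on a
    parameter so the rules see the same form the application will."""
    previous = None
    while previous != value:            # repeat until stable (double encoding)
        previous = value
        value = unquote_plus(value)     # %2e%2e -> .., '+' -> space
        value = html.unescape(value)    # &lt; -> <
    value = value.replace("\x00", "")   # drop embedded null bytes
    return re.sub(r"\s+", " ", value).lower()


# Constructed example rules: one traversal pattern, one script-tag pattern.
RULES = {
    "path-traversal": re.compile(r"\.\./"),
    "xss-script-tag": re.compile(r"<\s*script"),
}


def inspect_params(params: dict) -> list:
    """Return (field, rule) pairs that fire after canonicalisation."""
    hits = []
    for field, raw in params.items():
        value = canonicalise(raw)
        for name, pattern in RULES.items():
            if pattern.search(value):
                hits.append((field, name))
    return hits


def sign_field(value: str) -> str:
    """Cookie/hidden-field protection: append an HMAC over the value."""
    mac = hmac.new(SIGNING_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_field(signed: str):
    """Return the original value, or None if the signature does not match."""
    value, sep, mac = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac.encode(), expected.encode()) else None
```

The canonicalisation loop is what defeats double-encoded and entity-encoded evasions; without it the same regexes would miss the second and third inputs in the checks below.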