What is a WAF?
A Web Application Firewall (WAF) monitors incoming traffic for malicious requests and prevents attackers from exploiting known vulnerabilities in the application.
A web application firewall inspects and filters HTTP(S) traffic to protect the web application behind it. WAFs usually operate on a set of rules that are referred to as policies.
Types of WAF
WAFs can be implemented in three different ways:
The WAF may be configured to operate on blacklists or whitelists. The negative security model (blacklist-based) defends against known attacks, while a positive security model (whitelist-based) is set up in a way to allow only pre-approved traffic. Certain WAFs also allow the implementation of both the models for improved defense.
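The two models behave quite differently on traffic that does not match any known signature, and that difference is easiest to see side by side. The following is an added example, not code from the original article or from any WAF product: a toy rule engine that applies a blacklist (negative model), a whitelist (positive model) and the combination of both to a few constructed requests. The rule names, the signatures and the policy contents are all hypothetical and chosen only to illustrate the models.

```python
import re

# Constructed sample requests for the demonstration (not taken from the article):
# a benign lookup, a request carrying a well-known injection pattern, a request
# adding an unexpected parameter, and a request using an unexpected method.
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/search", "params": {"q": "blue shoes"}},
    {"method": "GET", "path": "/search", "params": {"q": "' OR 1=1 --"}},
    {"method": "GET", "path": "/search", "params": {"q": "shoes", "debug": "true"}},
    {"method": "POST", "path": "/search", "params": {"q": "shoes"}},
]

# Negative security model (blacklist): a request is blocked only if some
# parameter value matches a known-bad signature. Rule names are hypothetical.
NEGATIVE_RULES = {
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+\d+\s*=\s*\d+"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
}

# Positive security model (whitelist): only listed method/path pairs are
# served, and each pair names the parameters it accepts together with a
# pattern the value must fully match. Policy contents are hypothetical.
POSITIVE_POLICY = {
    ("GET", "/search"): {"q": re.compile(r"^[\w ]{1,50}$")},
}


def negative_model(request):
    """Blacklist decision: ('block', reason) on a signature hit, else ('allow', reason)."""
    for rule_name, pattern in NEGATIVE_RULES.items():
        for value in request["params"].values():
            if pattern.search(value):
                return ("block", f"matched signature {rule_name}")
    return ("allow", "no signature matched")


def positive_model(request):
    """Whitelist decision: ('allow', reason) only if every part of the request is pre-approved."""
    allowed = POSITIVE_POLICY.get((request["method"], request["path"]))
    if allowed is None:
        return ("block", "method/path not in policy")
    for name, value in request["params"].items():
        pattern = allowed.get(name)
        if pattern is None:
            return ("block", f"parameter {name!r} not in policy")
        if not pattern.fullmatch(value):
            return ("block", f"parameter {name!r} failed its allowed pattern")
    return ("allow", "all parameters pre-approved")


def hybrid_model(request):
    """Both models combined: the request must trip no signature and pass the whitelist."""
    for model in (negative_model, positive_model):
        decision, reason = model(request)
        if decision == "block":
            return ("block", f"{model.__name__}: {reason}")
    return ("allow", "passed both models")


def evaluate_all(requests=SAMPLE_REQUESTS):
    """Return one row per request: (negative decision, positive decision, hybrid decision)."""
    return [
        (negative_model(r)[0], positive_model(r)[0], hybrid_model(r)[0])
        for r in requests
    ]


if __name__ == "__main__":
    for request, row in zip(SAMPLE_REQUESTS, evaluate_all()):
        print(request["method"], request["path"], request["params"], "->", row)
```

Running it shows the trade-off the paragraph describes: the blacklist blocks the request that matches a signature but lets the unexpected `debug` parameter and the unexpected `POST` through, because it has no rule for either; the whitelist blocks all three, because none of them is pre-approved, but it would also block legitimate traffic the moment the application adds a parameter the policy does not yet list. The hybrid model inherits the whitelist's coverage while still recording which signature fired, which is useful for alerting.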
WAF and the Capital One Breach
A misconfigured WAF was the reason behind the Capital One breach. The WAF had been granted more permissions than it needed when it was given access to the AWS database. This misconfiguration reportedly allowed the attackers to communicate with a crucial back-end system despite the firewall.
This recent incident emphasizes the need for organizations not only to deploy WAFs but also to monitor their configuration and the permissions they hold.