Understanding Web Application Firewalls

  • Web application firewalls (WAFs) are moving from physical devices to the cloud. They play an important role in defending websites from malicious traffic.
  • Although WAFs cannot protect against all kinds of attacks, they can help strengthen the first line of defense along with other tools and strategies.

What is a WAF?

A Web Application Firewall (WAF) is used to monitor incoming malicious traffic and defend attackers from exploiting known vulnerabilities in the application.

  • Some WAFs may perform several other features apart from these.
  • However, it is important to note that WAFs are meant to only shield and not fix vulnerable applications.
  • Having a WAF may also help you with compliance needs.

A web application firewall monitors and discriminates HTTP(S) traffic and protects the web application. WAFs usually operate on a set of rules that are referred to as policies.

Types of WAF

WAFs can be implemented in three different ways:

  • Network-based WAFs are installed locally and usually require the maintenance and storage of hardware.
  • Host-based WAFs offer customizability but need local server resources and implementation components.
  • Cloud-based WAFs are usually managed by a third-party and offer turnkey installations.

The WAF may be configured to operate on blacklists or whitelists. The negative security model (blacklist-based) defends against known attacks, while a positive security model (whitelist-based) is set up in a way to allow only pre-approved traffic. Certain WAFs also allow the implementation of both the models for improved defense.

WAF and the Capital One Breach

A misconfigured WAF was the reason behind the Capital One breach. The WAF was given permissions in excess when access to the AWS database was given. This misconfiguration reportedly allowed the hackers to communicate with a crucial back-end system in spite of the firewall.

This recent incidents emphasizes the need to implement and monitor WAFs in organizations.