For VendorsBlog
Login

WAF-web application firewall

WAF-web application firewall

A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a virtual appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule-sets, also known as policies.

Previously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.

WAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.

WAFs typically follow a positive security model, a negative security, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub[16] to use with the ModSecurity WAF engine.

Compare of products in the category WAF-web application firewall

Please turn the screen for optimal content display

Compare: WAF - Web Application Firewall

Characteristics

SSL Transactions/Second

Platform Throughput

Ports

Height

SQL Injection Attacks

Cross-Site Scripting Attacks

Cookie Tampering

Form Validation and Protection

HTTP and XML Reply and Request format validation

JSON payload inspection

Signature and Behavior based protections

Data Loss Prevention (DLP) support

XML Denial of Service protection

Authentication, authorization and auditing support

Support for SSL offloading

Reporting and Policy tools that provide for easier PCI-DSS compliance verification

IP Reputation Database

Support for LDAP, RADIUS, Local, SAML 2.0

HIPPA compliance verification

Layer 7 Denial of Service protection

Layer 4 Denial of Service protection

Session Hijacking

SOX or BASEL II compliance verification

Virtual Patching

Integration with Sandbox

Authentication support NTLM and Kerberos

Additional Protection for SMTP and FTP attacks (SPAM, Antivirus, Harvesting, Fraud)

DoS/DDoS protection/Botnet Protection

Stateful Firewall

SOAP, HTML5 sockets, Web 2.0 Protections

3rd Party Vulnerability Integrations

NSS Labs Recommended

N/A
N/A
N/A
N/A
2500
1500
N/A
N/A
N/A
N/A
2000
N/A
2230
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
25 Mbps
500 Mbps
N/A
N/A
N/A
N/A
5000 Mbps
25 Mbps
500 Mbps
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • 2x100FE Copper w/Bypass
  • 6xGE (Copper)
  • N/A
  • N/A
  • N/A
  • N/A
  • 8-GE (Copper)
  • Optional SFP
  • 2-10GE SR or LR
  • 4-GE(Copper)
  • 4-1GE (Copper)
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
  • N/A
N/A
N/A
N/A
N/A
1U (mini)
1U
N/A
N/A
N/A
N/A
1U
1U (desktop)
1U
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A