A Web Application Firewall (WAF) is a device placed in front of the Web server that receives the clients' requests in its place. Because it fully parses each request and understands its application context, it can filter attacks, transform requests and responses, accelerate traffic, enforce encryption of sensitive data and perform authentication on behalf of the server itself.
Web application attacks use many different vectors and modes of operation, so several detection modules are needed to cover all attack types. We block the common injection and request-forgery attacks (SQL, JavaScript/XSS, CSRF, LDAP etc.) with modules based on negative, positive and scoring models; (D)DoS, site spidering and brute-force attacks are blocked by our statistical engine; identity and session hijacking are prevented through link tracking and cookie encryption; client-side malware injected into the browser is blocked by our Client Sanitization module, and so on.
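To make the negative, positive and scoring models and the statistical brute-force check concrete, here is a small added example written for this page. It is not Deny All's code and does not reflect how rWeb is implemented; the endpoint `/account`, its parameter names, the signature list, the weights, the threshold and the rate limit are all assumptions chosen for illustration. The point it shows beyond the paragraph: the request is inspected in fully decoded form (so a double-encoded payload is still caught), a positive-model violation and a negative-model hit add up to the same score, and a single weak signature such as a lone `#` stays below the blocking threshold instead of causing a false positive.

```python
import re
from collections import defaultdict, deque
from urllib.parse import parse_qs, unquote_plus

# Negative model: weighted signatures for common injection patterns.
# Illustrative only; a real signature set is far larger.
NEGATIVE_SIGNATURES = [
    (re.compile(r"(?i)\bunion\b.{0,40}\bselect\b"), 5, "sqli-union-select"),
    (re.compile(r"(?i)'\s*or\s*'?\d*'?\s*=\s*'?\d*"), 4, "sqli-tautology"),
    (re.compile(r"(?i)<\s*script\b"), 5, "xss-script-tag"),
    (re.compile(r"(?i)\bon[a-z]+\s*="), 3, "xss-event-handler"),
    (re.compile(r"\(\s*[|&]\s*\("), 3, "ldap-filter-injection"),
    (re.compile(r"(--|#|/\*)"), 1, "sql-comment-token"),
]

# Positive model: for endpoints we know, what each parameter is allowed to look like.
# The endpoint and parameter names are assumptions made for this example.
POSITIVE_MODEL = {
    "/account": {
        "id": re.compile(r"\d{1,10}"),
        "view": re.compile(r"summary|detail"),
    },
}

BLOCK_THRESHOLD = 5  # scoring model: block once the anomaly score reaches this value


def normalize(value: str) -> str:
    """Apply a second percent-decoding pass (parse_qs already did the first) so that
    double-encoded payloads such as %253C -> %3C -> '<' are inspected in decoded form,
    and drop NUL bytes that some back-end parsers treat as string terminators."""
    return unquote_plus(value).replace("\x00", "")


def inspect(path: str, query: str) -> dict:
    """Score one request's query string and decide whether to block it."""
    params = parse_qs(query, keep_blank_values=True)  # splits on & and =, then decodes once
    allow = POSITIVE_MODEL.get(path)
    score, reasons = 0, []
    for name, values in params.items():
        for raw in values:
            value = normalize(raw)
            # Positive model: on a modelled endpoint, anything outside the allowlist is suspicious.
            if allow is not None:
                rule = allow.get(name)
                if rule is None:
                    score += 3
                    reasons.append(f"positive:unknown-param:{name}")
                elif not rule.fullmatch(value):
                    score += 3
                    reasons.append(f"positive:bad-format:{name}")
            # Negative model: every matching signature adds its weight.
            for pattern, weight, label in NEGATIVE_SIGNATURES:
                if pattern.search(value):
                    score += weight
                    reasons.append(f"negative:{label}:{name}")
    return {"score": score, "blocked": score >= BLOCK_THRESHOLD, "reasons": reasons}


class RateTracker:
    """Statistical check for brute forcing: count requests per (client, path) in a
    sliding time window and flag the client once it exceeds the limit."""

    def __init__(self, limit: int, window_s: float):
        self.limit, self.window = limit, window_s
        self.hits = defaultdict(deque)

    def record(self, client: str, path: str, now: float) -> bool:
        q = self.hits[(client, path)]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) > self.limit  # True means: block or challenge this client


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for path, query in [
        ("/account", "id=42&view=summary"),
        ("/account", "id=42%27%20OR%20%271%27%3D%271"),
        ("/search", "q=%253Cscript%253Ealert(1)%253C/script%253E"),
        ("/search", "q=item%20%233"),
    ]:
        print(path, query, "->", inspect(path, query))
    rt = RateTracker(limit=5, window_s=60)
    print([rt.record("10.0.0.1", "/login", t) for t in range(7)])
```

The second sample is blocked by both models at once (a non-numeric `id` plus a tautology signature), the third is only caught because the value is decoded twice before the XSS signature runs, and the fourth scores 1 for the `#` and is allowed through. Anything production-grade would also inspect headers, cookies and bodies, and tune the weights against the application's real traffic.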
Any Web application is exposed to attacks, either directly or indirectly via compromised clients. The main targets, however, are webmail applications, ERP front ends and collaborative portals, since they give direct access to critical enterprise data. Likewise, any Web application handling sensitive data, such as e-banking or e-business applications processing credit cards, is an ideal target.
Of course. Network firewalls ensure that only specific types of traffic are allowed to reach the IT infrastructure, but they do not guarantee that the data carried by that traffic is safe. A Web Application Firewall checks that this traffic does not contain an attack.
Intrusion Prevention Systems are network-based devices: they try to identify attacks by analysing network traffic with a very limited understanding of the application context. While they can be very effective against network- and operating-system-layer attacks, they are not adequate at the application layer.
Web Application Firewalls can implement load-balancing capabilities. For example, rWeb can load-balance incoming traffic across a cluster of rWeb devices and outgoing traffic across Web server farms. In that case a separate load balancer is not needed for the Web traffic.
Yes. All Deny All products now implement a transparent mode option which does not compromise security. In this mode rWeb, sProxy and rXML still operate as reverse proxies, inline with the Web traffic and therefore able to identify and block attacks. Unlike competing products, Deny All's transparent mode preserves the benefits of the reverse proxy architecture, including protocol break and infrastructure masking, while removing the need to modify IP addresses and DNS settings.
How a Web Application Firewall should be tested depends heavily on the needs and the technical environment in which it will be deployed. Keep in mind, however, that the most important feature is security. Security testing requires application security specialists who can launch realistic attacks and fully understand the results; otherwise there is no way to clearly tell the products apart, even though the differences between them are large.