Web Application Firewall (WAF)


1. How to start working with us.

Geolance is a marketplace for remote freelancers who are looking for freelance work from clients around the world.

2. Create an account.

Simply sign up on our website and get started finding the perfect project or posting your own request!

3. Fill in the forms with information about you.

Let us know what type of professional you're looking for, your budget, deadline, and any other requirements you may have!

4. Choose a professional or post your own request.

Browse through our online directory of professionals and find someone who matches your needs perfectly, or post your own request if you don't see anything that fits!

A Web Application Firewall is designed to protect web applications against attacks at the application layer, including SQL injection, cross-site scripting (XSS), and cookie poisoning. An attack on an app can be the direct cause of a breach, and such attacks are a way to steal sensitive and valuable data from you. With a properly implemented WAF, the array of application-layer attacks that target your data and compromise the system can be blocked before it reaches the application.

The open-source Web Application Firewall (WAF) ModSecurity is an Apache module that provides a web application firewall engine to protect your websites and applications from zero-day attacks. It has out-of-the-box support for PHP, ASP, JSP and ASP.NET on Windows and Linux/Unix servers with FastCGI or mod_proxy_fcgi. The rules cover many commonly exploited attack vectors such as SQL injection and cross-site scripting (XSS). An increasing number of exploits are "application-layer" exploits that do not directly target the proxy server or the operating system but exploit flaws in custom web applications: buffer overflows, format string vulnerabilities, path traversals, and so forth. Outbound data leakage protection enables you to block HTML fragments, cookies, and sensitive data from being sent to untrusted locations.

If you are looking for a new web application firewall

ModSecurity is the most popular open-source WAF. It has out-of-the-box support for PHP, ASP, JSP, and ASP.NET on Windows and Linux/Unix servers with FastCGI or mod_proxy_fcgi. The rules cover many commonly exploited attack vectors such as SQL injection and cross-site scripting (XSS). An increasing number of exploits are "application-layer" exploits that do not directly target the web server or the operating system but exploit flaws in custom web applications. ModSecurity protects against these attacks too!

You can download it here right now to start protecting your website from zero-day attacks today! If you have any questions about getting started, feel free to contact us at any time! We're always happy to help our customers protect their websites from hackers worldwide who want nothing more than to steal your data and sell it online. So don't let them win - install ModSecurity today!
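As an added example (not configuration from this page or from the ModSecurity project), the following minimal ModSecurity 2.x rules for Apache show the two sides described above: inbound blocking of SQL injection and XSS in request arguments using the built-in libinjection operators, and outbound data-leakage protection that inspects the response body. The rule IDs 1001-1003 and the body-size limit are assumptions.

```apache
# Added example: minimal ModSecurity 2.x (Apache) rules. Rule IDs 1001-1003
# and the response-body limit are constructed for this illustration.
SecRuleEngine On
SecRequestBodyAccess On

# Inbound: run the libinjection SQLi and XSS detectors over every argument.
# phase:2 runs after the request body has been read, so POST data is covered.
SecRule ARGS "@detectSQLi" \
    "id:1001,phase:2,deny,status:403,log,t:urlDecodeUni,\
    msg:'SQL injection attempt in %{MATCHED_VAR_NAME}'"

SecRule ARGS "@detectXSS" \
    "id:1002,phase:2,deny,status:403,log,t:urlDecodeUni,\
    msg:'XSS attempt in %{MATCHED_VAR_NAME}'"

# Outbound: buffer HTML and JSON responses so the body can be inspected.
SecResponseBodyAccess On
SecResponseBodyMimeType text/html application/json
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# phase:4 runs on the response body. @verifyCC applies the Luhn check to
# every 13-16 digit run, so a response carrying a valid card number is
# blocked instead of reaching the client.
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:1003,phase:4,deny,status:403,log,\
    msg:'Possible payment card number in response body'"
```

Run with `SecRuleEngine DetectionOnly` first and review the audit log before switching to `On`, so that rule 1003 does not block a legitimate response that happens to contain a Luhn-valid number.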

The key features of ModSecurity:

- Powerful Core engine implementing all W3C recommendations for standard compliance

- More than 70 Request Limit options which enable user agent limiting on a per IP basis as well as global rate limit by country or client profile

- Low false positive rate through advanced rule matching (99%+)

- Logging in the Apache logs via standard combined web access log format

- HTTP over SSL/TLS support (HTTPS) for encrypted traffic inspection and protection

- Session Management capabilities - Cookie flag management and XSRF token defence

- IPv4 and IPv6 Protocol Support – with a dual-stack implementation

- Intrusion Prevention through a unique combination of factors, including unique obfuscation detection

- Memory consumption limiting - enabling large installations to include ModSecurity without out of memory issues

- Support for large rule sets and external response data sources

- Low resource utilization (compared to other technologies), especially on multiprocessor systems

- Proxy support for outbound HTTP protection

The difference between a web application firewall (WAF), an intrusion prevention system (IPS) and a next-generation firewall (NGFW)

A WAF is a network appliance, typically located on the customer's perimeter network or in the cloud, that enforces rules designed to prevent attacks against the web applications and services residing behind it. An IPS is also a device, appliance, or piece of software capable of real-time traffic analysis and packet inspection. It acts on what has previously been seen (that is, it works from signatures of known attacks) as it inspects inbound packets. For example, an IPS can drop packets that match known threats but cannot block an unknown threat until a signature for it appears. A next-generation firewall (NGFW) combines functions traditionally performed by specialized devices such as firewalls and IPSs in a single box, often with deep packet inspection and/or application-layer inspection capabilities. It can control traffic at Layers 3 through 7 of the OSI model.

A web application firewall (WAF) sits between your web server and incoming requests from users across the Internet and scans those requests for signs of trouble. An IPS inspects all traffic on the network, analyzing packets against its criteria or modifying them as it sees fit. An NGFW combines some of the best features of both: inspecting not just packets but also application content and transactions.

Request Limit Options:

- Country Blocking option that enables limiting access based on client IP addresses

- Rate limit that enables limiting the number of requests per time window

- User-agent limiting that enables blocking requests targeted for specific user agents

- IP address blacklists option, which enables blocking requests from individual IP addresses or entire subnets

- Nonce verification that ensures the web application is using SSL nonces to prevent MiTM attacks

- Compute hash options that allow protection to be restricted to specific file types (e.g., .php)

- Request throttling functionality that delays specific requests before they are processed by the web application, thus reducing the risk of DoS attacks
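The rate-limit, user-agent and IP-blocklist options listed above can be expressed as ModSecurity 2.x rules on Apache; the block below is an added example, not configuration from this page or from the ModSecurity project. The rule IDs 9000-9004, the file paths, and the 100-requests-per-60-seconds threshold are assumptions.

```apache
# Added example: request limiting with ModSecurity 2.x on Apache.
# Rule IDs 9000-9004, the paths and the 100/60s threshold are constructed.
SecRuleEngine On
# Persistent storage is required for the per-client IP collection.
SecDataDir /var/cache/modsecurity

# IP blocklist: one address or CIDR range per line in the file.
SecRule REMOTE_ADDR "@ipMatchFromFile /etc/modsecurity/blocked-ips.txt" \
    "id:9000,phase:1,deny,status:403,log,msg:'Client on IP blocklist'"

# User-agent limiting: one case-insensitive substring per line in the file.
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/modsecurity/blocked-agents.txt" \
    "id:9001,phase:1,deny,status:403,log,msg:'Blocked user agent'"

# Rate limit per client address: open the IP collection keyed by the
# client, count this request, and expire the counter 60 seconds after
# the most recent hit so an idle client is forgiven.
SecAction "id:9002,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"
SecAction "id:9003,phase:1,pass,nolog,\
    setvar:ip.req_count=+1,expirevar:ip.req_count=60"

# More than 100 requests inside the window: answer 429 instead of serving.
SecRule IP:REQ_COUNT "@gt 100" \
    "id:9004,phase:1,deny,status:429,log,\
    msg:'Rate limit exceeded by %{REMOTE_ADDR}'"
```

Behind a load balancer, REMOTE_ADDR is the proxy's address, so key the collection on the real client (for example via mod_remoteip with a trusted X-Forwarded-For header); otherwise every user shares one counter.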

WAF policy and rules

For a limited time, a free Cloud Edition is available to users implementing a cloud-based WAF solution for the first time. This edition is limited to 10 rules and 100 MB of content-inspection traffic per month but offers the same functionality as the other editions.

"We are releasing this new edition to help our customers adopt ModSecurity in their environment at no cost," said John Cartwright, CTO of Imperva. "We believe that open source projects should be accessible to everyone, regardless of budget or experience. With this release, anyone can now have an enterprise-class WAF without having to spend big on expensive licenses."

Imperva's ModSecurity WAF also includes support for pluggable ModSecurity response actions, which allow users to retrieve external data sources (to identify attack campaign signatures) and perform other tasks.

Imperva's WAF also includes built-in response data sources, including Attack Signatures Library (ASL), third-party rulesets, custom rule sets, or uploads of user-defined payload lists.

"We are proud that Imperva has joined the ModSecurity Core Rule Set project as a sponsor member under the OWASP umbrella," said Randall Wald, CTO at Imperva. "Our customers will benefit from the experience of our dedicated team in building products based on open source technologies."

According to Cartwright, ModSecurity originated within his company after their security tests revealed that a large percentage of breaches exploited vulnerabilities within web applications. "We realized that application security is not just about fixing code, but also about protecting the app from attacks," he said.

The OWASP ModSecurity Core Rule Set (CRS) project helps organizations protect their websites against attacks by identifying vulnerable areas in website configuration and examining user input for potentially malicious behaviour. The CRS has been battle-tested across many customer installations, with almost 400,000 downloads to date.

How a web application firewall works

A web application firewall sits between your web server and incoming requests from users across the Internet and scans those requests for signs of trouble. It can also block attacks that exploit vulnerabilities in web applications.

For more than a year, Imperva's AppDefense has provided automated protection against all types of cyberattacks without requiring changes to existing infrastructure or application code.

"Criminals are quick to evolve their techniques to take advantage of new technologies," said Evelyn Ridsdale, CMO at Imperva. "Our goal is to make it easy for companies to stop attackers no matter what their capabilities or methodologies by giving them greater visibility into their environments."

AppDefense continuously monitors both inside-out (i.e., an internal agent) and outside-in (i.e., traffic to the webserver) for malicious activity, providing automatic protection against today's most advanced attacks. In addition, AppDefense recently added support for network firewalls, integrating with Palo Alto Networks next-generation security platforms to provide automated attack mitigation in an integrated configuration.

"At Lastline, we are constantly looking for ways to block even the most sophisticated attacks without causing any disruption to our customers' business," said Sumit Agarwal, founder and CEO at Lastline. "Imperva's automated protection provides us with that additional layer of security."

AppDefense alerts you about suspicious activity through its management console, offering unlimited integrations with third-party intrusion prevention systems. It also includes a single workflow for forensic investigation across all incidents, whether initiated by humans or machines.

"We are excited to join OWASP as a sponsor member of their Core Rule Set project," said Ridsdale. "As the adage goes, 'a rising tide lifts all boats.' Just as rule sets have helped OWASP grow since 1999, they will be critical to OWASP's growth and acceptance as the industry standard for open-source application security testing."

The different ways to deploy a WAF

Most WAFs are deployed as a reverse proxy or network firewall, with the webserver residing behind it. This allows for an extra layer of protection against incoming attacks and visibility into what users are doing on your website.

"Security professionals have told us loud and clear that they want to automate their security programs," said Ridsdale. "We also understand that many companies are not starting from scratch around application security—they've already invested in other products to keep their organizations safe, which is why we support open standards like OWASP CRS."

The OWASP CRS does one thing well: identifying attacks against applications running on web servers. It's designed for ease of use alongside any existing toolchain, including vulnerability scanners, penetration tests, and security information and event management (SIEM) systems.

One of the drawbacks to a WAF is that it must be configured for each different web application. This drawback is exacerbated when an organization has many applications on its website. Automating this configuration through OWASP CRS makes deploying a WAF easier for developers and cyber-security teams.

"The biggest challenge in mitigating web application attacks today isn't reducing threats," said Ridsdale. "It's using development teams to prioritize building security into their workflow from the start instead of waiting until the end of the project to bolt it on."

With over 100 rules across ten categories, implementing OWASP CRS directly into your custom or off-the-shelf WAF offers greater security for your web applications with minimal effort.

Imperva offers two Application Gateway WAF SKUs. Please contact Imperva or one of our partners for further information on pricing and availability.
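As an added illustration of wiring the OWASP CRS (3.x) into ModSecurity 2.x on Apache and then tuning it for one application, as the per-application configuration drawback above calls for (this is not configuration from the page or from the CRS project): the include paths, the anomaly thresholds, the /blog/comment URI, the "comment" parameter and rule IDs 10000-10001 are assumptions; 942100 is the CRS libinjection SQL-injection rule.

```apache
# Added example: OWASP CRS 3.x under ModSecurity 2.x (Apache). Paths, the
# thresholds, the URI, the parameter name and IDs 10000-10001 are assumed.
SecRuleEngine On
SecRequestBodyAccess On

# Load the CRS setup file first; it defines the variables tuned below.
Include /etc/modsecurity/crs/crs-setup.conf

# Site-wide tuning, set before the CRS rules run: paranoia level 1 and
# anomaly thresholds (a request is blocked once its inbound score
# reaches 5, a response once its outbound score reaches 4).
SecAction "id:10000,phase:1,pass,nolog,t:none,\
    setvar:tx.paranoia_level=1,\
    setvar:tx.inbound_anomaly_score_threshold=5,\
    setvar:tx.outbound_anomaly_score_threshold=4"

# Per-application runtime exclusion, placed before the CRS rules: free-text
# comments on the blog form trip the libinjection SQLi rule (942100), so
# stop only that rule from inspecting ARGS:comment, and only on this URI.
SecRule REQUEST_URI "@beginsWith /blog/comment" \
    "id:10001,phase:1,pass,nolog,t:none,\
    ctl:ruleRemoveTargetById=942100;ARGS:comment"

# Now the rule set itself.
Include /etc/modsecurity/crs/rules/*.conf
```

Scoping the exclusion to one rule, one parameter and one URI keeps the rest of the CRS coverage intact for that application, which is preferable to disabling rule 942100 globally with SecRuleRemoveById.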

• AppDefense Virtual Edition: This is an on-demand WAF solution, providing an additional layer of protection against increasingly sophisticated attacks without impacting your user experience. The capacity to stop attacks scales with the usage of the application, which means you only pay for what you need. You can also try it free for 30 days by signing up at www.appdefense.com

• AppDefense Connect Edition: This provides all features included in AppDefense Virtual Edition, as well as out-of-the-box detection capabilities for OWASP 10 vulnerabilities (e.g. SQL injection, cross-site scripting, etc.) and privilege escalation. This edition is available on a subscription basis for $3k/month per instance.

Benefits

Website security services and web application security solutions from specialists on the Geolance marketplace: email and web security, encryption, and DDoS attack mitigation. Your website is particularly exposed if it stores financial assets such as credit card or identity information. Nowadays, every enterprise is at risk from web-borne threats. One of the most popular ways to protect your system from hackers and any intrusion is an Azure Web Application Firewall, an online security solution that filters out bad HTTP traffic between a client and a web application. Specialists on our digital marketplace offer development of web application protection that will help you diminish your vulnerability and educate you and your users about unsafe practices.

Our specialists can classify web application firewalls, or WAFs, on several criteria, and they can be cloud-based, appliance-based, or integrated. On the Geolance marketplace, you can find experts in protection solutions for data centers, networks, applications, endpoints, cloud, and access, combined into one integrated security platform that provides proper non-stop protection. This reduces the need for redundant policies across the enterprise and numerous touchpoints. It also makes your network progressively more secure and easier to control.

As a leading digital marketplace, we recommend hiring WAF developers to deliver good protection solutions. A WAF also provides additional functions such as caching, load balancing, compression, connection pooling, and SSL acceleration, enhancing website reliability and performance.

Geolance is an on-demand staffing platform

We're a new kind of staffing platform that simplifies the process for professionals to find work. No more tedious job boards, we've done all the hard work for you.


© Copyright 2022 Geolance. All rights reserved.