Author Topic: Introduction to Web Application Firewall (WAF) ~ Website Security  (Read 554 times)

ebenzunlimited

  • Lead Admin
What is WAF? WAF stands for Web Application Firewall. A WAF is a server-side application that controls the input and output (it filters the HTTP communication). It controls network traffic on any OSI layer up to the Application Layer. The main purpose of a WAF is to provide better protection against the top web application vulnerabilities, such as XSS (Cross-Site Scripting), SQL Injection and RFI. Every day, lots of websites are hacked because of these vulnerabilities. Read our Security News section to learn about the security risks on the Internet. A standard firewall blocks non-HTTP attacks (restriction of ports, access, ...). A WAF blocks HTTP attacks.

The Most common Web Application Vulnerabilities:


    SQL Injection(SQLi)
    Cross-Site Scripting (XSS)
    Broken Authentication and Session Management
    Insecure Direct Object References
    Cross-Site Request Forgery (CSRF)
    Security Misconfiguration
    Insecure Cryptographic Storage
    Failure to Restrict URL Access
    Insufficient Transport Layer Protection
    Unvalidated Redirects and Forwards


The Web Application Firewall (WAF) must meet the following features:


    Protection Against Top Vulnerabilities (XSS, SQLi, etc.)
    Very Few False Positives (i.e., should NEVER disallow an authorized request)
    Strength of Default (Out of the Box) Defenses
    Power and Ease of Learn Mode
    Types of Vulnerabilities it can prevent.
    Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
    Both Positive and Negative Security model support.
    Simplified and Intuitive User Interface.
    Cluster mode support.
    High Performance (milliseconds latency).
    Complete Alerting, Forensics, Reporting capabilities.
    Web Services\XML support.
    Brute Force protection.
    Ability to run in Active (block and log), Passive (log only) and bypass modes for web traffic.
    Ability to keep individual users constrained to exactly what they have seen in the current session
    Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
    Form Factor: Software vs. Hardware (Hardware generally preferred)

Top 10 Open Source Web Application Firewalls (WAF):

ModSecurity (Trustwave SpiderLabs)
AQTRONIX WebKnight
ESAPI WAF
WebCastellum
BinarySec
[email protected]
OpenWAF
Ironbee
Profense
Smoothwall
Insane I Lived♥ Sane I Died♥
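
An added example, not part of the original post and not taken from any of the listed products: a sketch of the outbound credit-card check from the feature list, combined with the Active / Passive / bypass modes and a Luhn checksum to keep false positives low. The names `Mode`, `inspect_response` and `SAMPLE` are hypothetical, and "block" is assumed here to mean masking the number in the reply.

```python
import re
from enum import Enum

class Mode(Enum):
    ACTIVE = "active"    # block (assumed here: mask the number) and log
    PASSIVE = "passive"  # log only, reply is sent unchanged
    BYPASS = "bypass"    # no inspection at all

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates card numbers from ordinary long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def inspect_response(body: str, mode: Mode):
    """Inspect an outbound HTTP body; return (body_to_send, log_entries)."""
    if mode is Mode.BYPASS:
        return body, []
    log = []

    def handle(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_ok(digits):
            return match.group()  # e.g. an order id: leave it untouched
        log.append(f"card-like number ending {digits[-4:]} in outbound body")
        if mode is Mode.ACTIVE:
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group()

    return CANDIDATE.sub(handle, body), log

# Constructed sample reply: a 16-digit order id plus a well-known test card number.
SAMPLE = "Order 1234567890123456 paid with card 4111 1111 1111 1111. Thanks!"

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, inspect_response(SAMPLE, mode))
```

Running a new rule in passive mode first shows what it would have masked before it is allowed to change live replies.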

cismohit

  • Guest
Re: Introduction to Web Application Firewall (WAF) ~ Website Security
« Reply #1 on: October 19, 2012, 10:14:08 AM »
hmm good technical info

