Web Application Firewall (WAF)

A Web Application Firewall protects your web applications

A WAF (Web Application Firewall) detects and blocks attacks against a website and prevents the website from being tampered with. It also protects assets by preventing information leakage through web attacks.

In principle, if a web application is developed securely, a web application firewall is unnecessary. In practice, however, developing a web application with perfect security is nearly impossible. It is very difficult to build a security system that keeps pace with growing web security threats, and in some cases securing the application takes more effort than developing it. Web security is complicated and difficult.

In addition, as web service systems get more complex, web applications grow larger and more complex. Even when development follows a careful security plan, it is impossible to foresee every situation, and the application becomes hard to modify, maintain, and defend when hacking incidents occur. Above all, a web application is too large to cover with a single security policy.

These practical and financial pressures have led to time- and cost-saving methods, more manageable security policies, and the web application firewall.


Implementation and Operation of the Web Application Firewall (WAF)

A WAF is not a simple device that can just be placed in front of the servers. Analyzing the business and its systems, and planning the installation and operation, is essential, and the more complex the web application, the more important this analysis and planning become.

Before installing the WAF,

It is essential to understand the business characteristics and the expected vulnerabilities of the website. Web attacks target the most vulnerable point, so the initial domain analysis is very important: the web server domains must be surveyed and a security policy established. The characteristics of the web application must also be analyzed, including its compliance with web standards and its compatibility with the WAF's specifications.

After installing the WAF,

Misdetection must be checked for by simulating attacks, analyzing the detection logs, and feeding the results back into the security policy. The administrator should maintain and manage the firewall according to that policy, and whenever the website is modified, partially or entirely, strict management and monitoring are required.

Types of Web Application Firewalls

WAFs come in two types: software and hardware. The software type is more affordable, with a low purchase price and low maintenance cost, because it is installed directly on the web server without additional changes. However, a misoperating software WAF can cause critical problems such as interruption of the web service.

For this reason, most WAF products are of the hardware type. A hardware WAF is installed separately on the network and so does not affect the server directly, which makes it very convenient to install and maintain.

For convenience, the appliance type (software installed on the server) is the most popular product type.

Intelligent Web Application Firewall

The most important factors in choosing a WAF are performance and security.

Focusing on performance may reduce security, and focusing on security may degrade performance.

An excellent WAF provides sufficient security without degrading performance.

Generally, a WAF inspects the request content as strings, checking them against syntax signatures.

The 1st-generation firewall kept lists of accesses to decide whether to block: the white list is a list of safe accesses and the black list is a list of dangerous attacks. However, the 1st-generation firewall frequently treated a safe access as an attack and blocked it. To reduce this misdetection, the web service administrator had to update the black list and the white list constantly.

The 2nd-generation firewall evolved to create these lists automatically. With this automation, the problem of the 1st generation appeared to be solved. However, as web services grew, it could not respond properly to the changing environment, and even though the list was created automatically, confirming it was left entirely to the administrator.

To solve this problem, the 3rd-generation intelligent WAF was developed.

The intelligent WAF does not rely on lists, neither a black list nor a white list. Its rule-based intelligent engine treats an access as normal only when it passes all criteria. Compared with a list-based WAF, it shows little misdetection and hardly affects service performance.
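To make the difference concrete, here is an added example (not the page's or any product's code) that contrasts a hypothetical black-list signature check with a hypothetical rule-based check that accepts a request only when every criterion passes, and counts misdetections over constructed, pre-labelled simulation traffic of the kind the post-installation check above relies on. The signatures, the rule set and the traffic are all assumptions.

```python
# Added example: the signatures, rules and traffic below are constructed for
# illustration and are not any product's real configuration.
import re

# Hypothetical 1st-generation black list: any match is treated as an attack.
BLACK_LIST = [re.compile(p, re.I) for p in (r"'", r"\bselect\b", r"<")]

# Hypothetical per-endpoint rule set describing what a normal access looks like:
# parameter name -> (maximum length, pattern the whole value must match).
RULES = {
    "/search": {"q": (64, re.compile(r"[\w\s'.-]*"))},
    "/profile": {"id": (10, re.compile(r"\d+"))},
}

def blacklist_blocks(path: str, params: dict) -> bool:
    """List type: block if any signature appears anywhere in any value."""
    return any(sig.search(v) for v in params.values() for sig in BLACK_LIST)

def rules_block(path: str, params: dict) -> bool:
    """Rule type: allow only when the endpoint is known and every parameter
    is expected, within its length limit and fully matches its pattern."""
    spec = RULES.get(path)
    if spec is None:
        return True  # unknown endpoint is not a normal access
    for name, value in params.items():
        if name not in spec:
            return True  # unexpected parameter
        max_len, pattern = spec[name]
        if len(value) > max_len or not pattern.fullmatch(value):
            return True
    return False

# Constructed simulation traffic labelled in advance (True = should be blocked),
# the kind of data the post-installation misdetection check compares against.
SIMULATION = [
    ("/search", {"q": "O'Brien"}, False),              # apostrophe in a name
    ("/search", {"q": "select a seat"}, False),        # SQL-like word in prose
    ("/profile", {"id": "1042"}, False),
    ("/profile", {"id": "1042", "debug": "1"}, True),  # unexpected parameter
    ("/search", {"q": "x" * 500}, True),               # oversized input
]

def misdetection_counts(checker) -> tuple:
    """Return (false positives, false negatives) of a checker over SIMULATION."""
    fp = fn = 0
    for path, params, should_block in SIMULATION:
        blocked = checker(path, params)
        fp += int(blocked and not should_block)
        fn += int(should_block and not blocked)
    return fp, fn
```

Over this traffic the black list blocks both benign requests that happen to contain a quote or the word "select" and misses both abnormal ones, while the rule check gets all five right; in practice the rule set has to be derived from the domain analysis described earlier and re-verified whenever the site changes.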

Penta Security’s WAPPLES is an intelligent WAF.

Using Penta Security’s own logic-operation-based detection engine, COCEP, which analyzes attack techniques semantically and heuristically, WAPPLES detects attacks accurately and blocks ‘unknown attacks.’