Web Application Firewall

Table of Contents

Web Application Firewall & Application Layer Gateway

This article from our per secteam provides insight into what a Web Application Firewall (WAF) / Application Layer Gateway (ALG) is, how it works, how it differs from a regular firewall, why it is needed and what benefits it offers.

What is a Web Application Firewall (WAF) / Application Layer Gateway (ALG)?

Essentially, a visible proxy server differs from a transparent proxy server in the network infrastructure. With a transparent proxy server, it is not obvious to at least one communication partner that an additional instance (proxy) is available as a central communication bridge. The communication partners assume that they are communicating directly. The proxy server is therefore “invisible”. The network infrastructure is configured so that all requests are automatically routed through a proxy instance. The proxy then acts as a representative communication partner.

A visible proxy server, on the other hand, appears as a visible, independent instance and is addressed via its own public IP address

Why is a web application firewall needed?

Interfaces that are offered to the outside world are always the target of attacks, be it services to gain access to the devices themselves, such as SSH and/or FTP, or limiting the availability of the application, for example through denial of service Attacks (see also Distributed Reflective Denial of Service attacks). Such attacks can easily be carried out from the script kiddie level.

Applications are often developed by humans and in one way or another have bugs or vulnerabilities that cannot be discovered even after unit testing. Therefore, they are constantly exposed to attacks that exploit their vulnerabilities. Such attacks require advanced skills, which also means attackers are after expensive assets. A web application firewall can help you with this.

Do you want to have the security of your web applications tested?
We offer you a professional web application pentest!
More about web application pen testing
Icon Laptop Gear

Features of Web Application Firewall and Application Layer Gateway

In order to be able to protect applications, web application firewalls/application layer gateways offer a number of mechanisms. These are:

Anomaly detection algorithms

These create normal requirement profiles of applications and servers and then differentiate anomalous requirements from the normal requirement profiles that have already been created.

Heuristic algorithms

This feature checks for attributes/patterns or so-called “behaviors/actions” within files/scripts to decide whether it is a safe or malicious file.

Signature-based algorithms

This is a feature that identifies attacks by matching attack patterns with the database of signatures of known malware.

Snort rules can be integrated

Classic firewall rules

eg allowing connections to a single IP

operating mode

Web application firewalls are capable of working in two modes: passive mode and active mode.

Passive mode:

This means that the Web Application Firewall performs actions such as monitoring and logging, but does not respond to traffic. However, with systems such as SIEM, it can be configured to receive alarms or just send events.

Active mode

Web application firewalls operating in this mode examine the data content of network traffic flowing through them and actively protect against threats by blocking or removing them. This ensures that such threats do not reach the application servers.

Icon idea

Difference between a firewall and a web application firewall

There is usually a misunderstanding about what the difference is between one Firewall and a web application firewall. Here are some explanations based on the layers they work on (OSI layers), their functions (what they do) and the locations where they are deployed (network location).

1. OSI layer

The firewall works at layers 3 and 4. Web application firewalls work up to layer 7.

2. Features

A firewall serves as a security boundary between a trusted network and an untrusted network, where it determines what traffic should be allowed, while web application firewalls control the data content of the protocols at Layer 7 and detect protocol violations and malicious content.

3. Location

Firewalls are most often placed at the edge of networks and between internal and DMZ networks, while web application firewalls are also placed in front of applications and servers, providing protection against threats that target those servers or the entire network.

What type of threats does the Web Application Firewall protect against?

As mentioned earlier, web application firewalls protect against attacks that are generally focused on applications and servers. Examples of such threats include:

• Infected or unauthorized file attachments

• Layer 7 DDOS attacks

• SQL injection

• Cross-site scripting attacks

• Zero-day attacks

• HTTP verb tampering

Take advantage of our IT security consulting offer
We would be happy to advise you
Contact us now

Conclusion on web application firewalls

Web Application Firewalls/Application Layer Gateways Although similar in definition to the traditional firewall, they are different and have a unique role in defending a network. It is important to understand this difference to ensure an adequate line of defense to prevent serious cyberattacks.

DIVIDE
Newsletter Form

Become a Cyber ​​Security Insider

Get early access and exclusive content!


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!
OTHER CONTRIBUTIONS

Table of Contents

PSN_KU_Cover
NewsLetter Form Pop Up New

Become a Cyber ​​Security Insider

Subscribe to our knowledge base and get:

Early access to new blog posts
Exclusive content
Regular updates on industry trends and best practices


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!