--> A Web Application Firewall (WAF) is an application-layer firewall for web (HTTP) applications.
--> It applies a set of rules to HTTP traffic. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.
--> Proxies are generally used to protect clients, whereas Web Application Firewalls are used to protect servers.
--> A Web Application Firewall is implemented to protect a specific web application or set of web applications.
--> A Web Application Firewall can also be considered as a reverse proxy.
--> Web Application Firewalls may come in the form of an appliance, server plugin, or filter, and may be customized to an application.
--> A Web Application Firewall can be deployed in three modes:
i) Transparent: In this mode the HTTP traffic is sent directly to the web server, so the Web Application Firewall is transparent between the client and server.
ii) Reverse Proxy: In this mode the HTTP traffic from the client is sent to the Web Application Firewall. The Web Application Firewall then separately sends the filtered traffic to the web applications. This can provide additional benefits such as IP masking but may introduce disadvantages such as performance latency.
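A minimal sketch of the filter-then-forward decision a WAF makes in reverse proxy mode, added here as an illustration (it is not code from any product named on this page). The two rules, the function names and the sample requests are assumptions constructed for the example; production rule sets are far larger.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Illustrative rules only (assumption): one XSS pattern, one SQL injection pattern.
RULES = [
    ("xss", re.compile(r"<\s*script\b|\bon(error|load|click)\s*=|javascript\s*:", re.I)),
    ("sqli", re.compile(r"'\s*(or|and)\s+[^=]+=|\bunion\s+(all\s+)?select\b", re.I)),
]

def normalise(value):
    """Decode up to three more times so double-encoded input is matched in clear form."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(method, url, body=""):
    """Return ("block", rule_id, field) or ("forward", None, None) for one request."""
    parts = urlsplit(url)
    fields = [("path", parts.path)]
    fields += [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if method in ("POST", "PUT", "PATCH"):
        fields += [("body:" + k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    for name, raw in fields:
        value = normalise(raw)
        for rule_id, pattern in RULES:
            if pattern.search(value):
                return ("block", rule_id, name)  # request never reaches the web server
    return ("forward", None, None)  # filtered traffic is passed on to the application

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "/search?q=waf+modes", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("GET", "/item?id=1%2527%2520OR%25201%253D1", ""),
    ("POST", "/login", "user=admin&pw=x%27+union+select+1"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, "->", inspect(method, url, body))
```

The third sample is double URL-encoded: without the `normalise` step the rule would see only `1%27%20OR%201%3D1` and forward the request.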
--> Commercial vendors that provide Web Application Firewalls include the following:
i) Monitorapp AIWAF
ii) Barracuda Networks WAF
iii) Citrix Netscaler Application Firewall
iv) F5 Big-IP Application Security Manager
v) Penta Security’s WAPPLES
vi) Imperva SecureSphere
vii) Fortinet FortiWeb
viii) Positive Technologies, PT Application Firewall
ix) Ergon Informatik AG, Airlock WAF