Web Application Firewall (WAF)

Date Posted:

22 Jan 2026

Category:

Technology

Securing Applications at the Application Layer

Introduction to Web Application Firewalls

  • A Web Application Firewall (WAF) is a security system that protects web applications by filtering and blocking malicious HTTP/HTTPS traffic between users and the web application.

  • It works at Layer 7 of the OSI model, the application layer.

  • A WAF specifically protects web applications from application-layer (Layer 7) attacks.

  • WAF = security guard for your website/application.

How does WAF work?

A WAF is deployed between the internet and the web application.

Workflow:

  • The user sends a request (login / form / URL)

  • The WAF inspects the request and compares it with its security rules

  • If an attack pattern is detected → BLOCK

  • If the request is safe → ALLOW

A WAF analyses the URL, headers, cookies and request body (GET and POST parameters).
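The workflow above, as an added example that is not code from the original post or from any WAF product: a small Python request inspector that walks the URL path, query string, headers, cookies and POST body, decodes each value, and compares it with a short rule table, returning BLOCK on the first hit and ALLOW otherwise. The `Request` class, the rule IDs (`SQLI-001`, `XSS-001`), the patterns, the `exclusions` tuning hook and the sample requests are all constructed for illustration; a real rule set (for example the OWASP Core Rule Set used with ModSecurity) is far larger. The last sample is a legitimate bug report that mentions `onclick=`, which the naive rule blocks; the per-parameter exclusion shows the kind of tuning needed to clear such a false positive without switching the rule off everywhere.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl, unquote_plus


@dataclass
class Request:
    """Constructed, minimal view of an HTTP request as a WAF sees it."""
    method: str
    url: str
    headers: dict
    cookies: dict
    body: str = ""


@dataclass
class Decision:
    action: str           # "ALLOW" or "BLOCK"
    rule_id: str = ""     # rule that fired (empty on ALLOW)
    location: str = ""    # request part that matched, e.g. "query:id"


# Constructed rule table: (id, pattern, description). Real rule sets carry
# thousands of such signatures plus anomaly scoring; these are illustrative.
RULES = [
    ("SQLI-001",
     re.compile(r"(?i)(\bunion\b\s+\bselect\b|\bor\b\s+1\s*=\s*1|--\s*$|;\s*drop\s+table)"),
     "SQL injection"),
    ("XSS-001",
     re.compile(r"(?i)(<script\b|javascript:|on\w+\s*=)"),
     "Cross-site scripting"),
]


def normalize(value: str) -> str:
    """Decode URL encoding twice so double-encoded payloads are inspected in plain form."""
    return unquote_plus(unquote_plus(value))


def inspect_fields(request: Request):
    """Yield (location, value) pairs for every part of the request a WAF analyses."""
    parts = urlsplit(request.url)
    yield "path", normalize(parts.path)
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        yield f"query:{k}", normalize(v)
    for k, v in request.headers.items():
        yield f"header:{k}", v
    for k, v in request.cookies.items():
        yield f"cookie:{k}", normalize(v)
    if request.method == "POST" and request.body:
        for k, v in parse_qsl(request.body, keep_blank_values=True):
            yield f"body:{k}", normalize(v)


def evaluate(request: Request, exclusions=frozenset()) -> Decision:
    """Return BLOCK on the first rule hit, else ALLOW.

    exclusions: set of (rule_id, location) pairs that tuning has marked as
    known false positives for a specific parameter (hypothetical mechanism,
    modelled on per-parameter rule exclusions in real WAFs).
    """
    for location, value in inspect_fields(request):
        for rule_id, pattern, _desc in RULES:
            if (rule_id, location) in exclusions:
                continue
            if pattern.search(value):
                return Decision("BLOCK", rule_id, location)
    return Decision("ALLOW")


# Constructed sample traffic.
SAMPLES = {
    "login_ok": Request("POST", "/login", {"User-Agent": "Mozilla/5.0"},
                        {"session": "abc123"}, "user=alice&pass=s3cret"),
    "sqli_query": Request("GET", "/items?id=1%27%20OR%201%3D1--",
                          {"User-Agent": "curl/8"}, {}),
    "xss_body": Request("POST", "/comment", {}, {},
                        "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    "cookie_sqli": Request("GET", "/", {}, {"track": "x' UNION SELECT 1"}),
    # Legitimate bug report that happens to contain an event-handler token.
    "false_positive": Request("POST", "/ticket", {}, {},
                              "text=The+onclick%3Dhandler+is+broken"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, evaluate(req))
    print("false_positive (tuned)",
          evaluate(SAMPLES["false_positive"], {("XSS-001", "body:text")}))
```

The inspector reports the request part that matched, which is what an analyst needs when triaging a block: a hit in `body:text` on a support-ticket form is a tuning candidate, while the same hit in `cookie:track` is not.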

Why do we need a web application firewall?

Network firewalls protect networks and servers, but modern attacks target web applications directly, and a network firewall does not protect against web application vulnerabilities.

Network firewall:

  • Knows IP addresses, ports and protocols

  • But does not understand website requests

Hackers attack websites using:

  • SQL Injection

  • XSS

  • Fake form submissions

  • Malicious bots

Common attacks like these can pass through normal firewalls.

A Web Application Firewall (WAF), however, understands website-level attacks, so it protects against web application vulnerabilities.

Types of WAF

  1. Network-based WAF

  2. Host-based WAF

  3. Cloud-based WAF

Network based WAF

  • A network-based WAF is also called a hardware-based WAF

  • Deployed on the internal network

  • Managed internally by security teams

  • Uses predefined and custom security rules

Example: a hardware-based appliance

Host-Based WAF

Installed directly on the application server.

  • A host-based WAF is also called a software-based WAF

  • Highly customizable rules

  • Uses server resources

  • It requires application-level maintenance

Example: ModSecurity

Cloud-Based WAF

It is provided as a service.

  • Hosted by a third-party vendor.

  • All web traffic is routed through the cloud WAF

  • No hardware required

  • Easy and quick deployment

  • Cost-effective

  • It requires minimal maintenance

Example: AWS WAF, Cloudflare WAF, Azure WAF

What kinds of attacks does a WAF block?

  1. SQL Injection – Attackers inject malicious SQL queries to access the database. Impact: data theft, deleted database records

  2. Cross-Site Scripting (XSS) – Attackers inject malicious scripts into a web page. Impact: session hijacking, cookie theft

  3. Cross-Site Request Forgery (CSRF) – Attackers trick a logged-in user into performing unwanted actions, such as changing a password or transferring money, without their knowledge. Impact: unauthorized transactions, account misuse

  4. Malicious Bots & DDoS attacks – They overload the application with a massive number of requests at the same time. Impact: application downtime, server overload
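For item 4, an added example that is not from the original post or from any WAF product: the per-client rate limiting a WAF applies against bots and request floods, written as a sliding-window counter keyed by client IP and replayed over a constructed access log in which a normal user makes five requests in ten seconds and a bot sends 200 in two seconds. The `RateLimiter` class, the limit of 50 requests per 10 s window, the IP addresses and the traffic are all constructed for illustration.

```python
from collections import defaultdict, deque


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per client within `window` seconds."""

    def __init__(self, limit: int, window_seconds: float):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)   # client key -> timestamps still inside the window

    def check(self, client: str, now: float) -> str:
        """Record one request from `client` at time `now`; return "ALLOW" or "BLOCK"."""
        q = self._hits[client]
        # Expire timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return "BLOCK"          # over budget: do not count the blocked request
        q.append(now)
        return "ALLOW"


def replay(log, limiter: RateLimiter) -> dict:
    """Run (timestamp, client_ip) tuples through the limiter in time order and
    return, per client, how many requests were allowed and how many blocked."""
    summary = defaultdict(lambda: {"ALLOW": 0, "BLOCK": 0})
    for ts, ip in sorted(log):
        summary[ip][limiter.check(ip, ts)] += 1
    return dict(summary)


# Constructed traffic (documentation-range addresses, not real hosts):
# a normal user makes 5 requests two seconds apart, a bot fires 200 in 2 s.
NORMAL = [(t * 2.0, "198.51.100.7") for t in range(5)]
BOT = [(t * 0.01, "203.0.113.9") for t in range(200)]
LOG = NORMAL + BOT


def demo() -> dict:
    """Replay the constructed log with a 50-requests-per-10-s budget."""
    return replay(LOG, RateLimiter(limit=50, window_seconds=10))


if __name__ == "__main__":
    for ip, counts in demo().items():
        print(ip, counts)
```

Keying on the client IP is the simplest choice and is what the example does; behind a shared NAT or proxy it can throttle many legitimate users at once, which is one source of the false positives mentioned under limitations below, so production deployments also key on session tokens or other client identifiers and raise a challenge before blocking outright.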

WAF vs Network Firewall

Feature             Network Firewall         Web Application Firewall

Protects            Network & ports          Web applications

OSI Layer           Layer 3 & 4              Layer 7

Blocks              IPs, ports, protocols    Application attacks

Understands HTTP    No                       Yes

WAF Limitations & Challenges

Key limitations:

  • Protects against attacks on the web application but cannot fix bugs or vulnerabilities in the application itself

  • False positives may block legitimate users

  • New attacks appear regularly, so a WAF requires regular tuning and rule updates

  • A WAF protects against external attacks but cannot protect against insider attacks.

  • Advanced logic-based attacks can pass through a WAF.

Conclusion

A Web Application Firewall (WAF) plays an essential role in protecting a web application against application-level attacks that traditional firewalls cannot handle. It reduces the risk from external threats and significantly strengthens an organization’s web application security posture.
