Web Application Firewall (WAF)

WebMux FireEdge™ for Apps

Web Application Firewall (WAF) functions have an essential purpose in a network infrastructure.  Web sites are rapidly growing with rich features built from interactive applications to enhance the interaction experience for customers.  Not only do these applications help increase web site engagements, but on the down side they also open up vulnerabilities and opportunities for hackers to exploit these web sites.

The WebMux FireEdge™ for Apps adds web application firewall features that now provide more web application security than ever by monitoring HTTP traffic to and from the back-end network servers, detecting and blocking malicious activities.

A traditional firewall is the standard safeguard against predictable attacks. Blocking ports or IP addresses not relevant to the service you are providing is the first line of defense for your public-facing servers against a substantial number of attacks. However, a firewall still leaves some gates wide open. You provide service, and the open ports and IPs that the public uses to access your site are vulnerable to attack. You might hope only friendly patrons are accessing your site, but sadly that is unrealistic. One should always assume that anything open to the public on the Internet would be scanned and scoured for vulnerabilities. Modern applications allow creating more feature-rich and interactive web sites, enhancing the user experience. But as these applications have become more common, so have hackers trying to exploit their weaknesses. A traditional firewall can’t protect you from these malicious activities, because attackers can access your services just as easily as any one of your patrons.

This is where a Web Application Firewall comes in. A WAF protects your services when blocking specific ports and IPs is impractical. Your site needs publicly open ports to be useful, and a traditional firewall can’t tell a legitimate patron from a malicious hacker. A WAF examines the network traffic at the application level and detects malicious attempts to enter your server. Some exploits, such as unwanted access or denial of server, cause your server to behave in unwanted ways, leading to downtime and loss of revenue. Other exploits may hijack your site making your servers active participants in malicious web activity. Both types of exploits should concern everyone with a publicly accessible website.

Incorporating a Web Application Firewall into your network infrastructure used to require costly additional hardware and skilled administration only large businesses could afford. Thankfully the open source developers Trustwave SpiderLabs® created ModSecurity®, a highly respected software-based WAF. WebMux now makes taking advantage of ModSecurity’s valuable protection simpler and faster than ever before.

AVANU WebMux FireEdge for Apps adds the integration of the ModSecurity WAF into their network hardware and virtual appliances as a standard feature. The WebMux FireEdge for Apps featuring ModSecurity comes complete with the Open Web Application Security Project (OWASP) Core Rule Set 3, protecting your server from the OWASP Top 10 most dangerous Web application security flaws:

Unvalidated Input: If web requests used by a web application are not validated before reaching the web application, flaws can be used to attack backend components through a web application.

Broken Access Control: If restrictions on what authenticated users are allowed to do are not properly
enforced, flaws can be exploited to access users’ accounts, view restricted files, and other unauthorized functions.

Broken Authentication and Session Management: If account credentials and session tokens are not properly protected, then password, keys, session cookies, or other tokens can override session restrictions and assume other users’ identities.

Cross Site Xcripting (XSS) Flaws: This exploit uses the Web application as a mechanism to transport an attack to an end user’s browser and can disclose the end user’s session token, attack the client machine, or spoof content to fool the user.

Buffer Overflows: CGI, libraries, drivers, and Web application server components that do not properly validate input can be crashed and, even possibly, be used to take control of a process.

Injection Flaws: An attacker can embed malicious commands in the parameters Web applications send to external systems or the local operating system.

Improper Error Handling: If error conditions that occur during normal operation are not handled properly, an attacker can cause errors to occur that the Web application does not handle. They can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

Insecure Storage: Cryptographic functions in Web applications used to protect information and credentials can be difficult to code and integrate properly, resulting in weak protection.

Denial of Service (DoS): Attackers can consume Web application resources to the point where legitimate users can no longer access or use the application. Users can be locked out of their accounts or even cause the entire application to fail.

Insecure Configuration: Servers have many configuration options that affect security and are generally not secure by default.