Tuesday, April 11, 2017

Word of the Day: Web application firewall (WAF)

Word of the Day WhatIs.com
Daily updates on the latest technology terms |April 11, 2017
Web application firewall (WAF)

A Web application firewall (WAF) is a firewall that monitors, filters or blocks data packets as they travel to and from a Web application. A WAF can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications. Running as a network appliance, server plug-in or cloud service, the WAF inspects each packet and uses a rule base to analyze Layer 7 web application logic and filter out potentially harmful traffic.

Web application firewalls are a common security control used by enterprises to protect Web applications against zero-day exploits, impersonation and known vulnerabilities and attackers. Through customized inspections, a WAF is also able to prevent cross-site scripting (XSS) attacks, SQL injection attacks, session hijacking and buffer overflows, which traditional network firewalls and other intrusion detection systems may not be capable of doing. WAFs are especially useful to companies that provide products or services over the Internet.

Network-based WAFs are usually hardware-based and can reduce latency because they are installed locally, as close to the application as possible. Most major network-based WAF vendors allow replication of rules and settings across multiple appliances, thereby making large scale deployment and configuration possible. The biggest drawback for this type of WAF product is cost.

Host-based WAFs may be fully integrated into the application code itself. The benefits of application-based WAF implementation include low cost and increased customization options. Application-based WAFs can be a challenge to manage because they require local libraries and depend upon local server resources to run effectively.

Cloud-hosted WAFs offer a low-cost solution for organizations that want a turnkey product. Cloud WAFs are easy to deploy, are available on a subscription basis and often require only a simple DNS change to redirect application traffic. Although it can be challenging to place responsibility for filtering an organization's web application traffic with a third-party provider, the strategy allows applications to be protected across a broad spectrum of hosting locations and use similar policies to protect against application layer attacks.

Quote of the Day

"Although WAFs are most helpful for applications where source code is not available, other applications benefit because WAFs can provide protection during the period between the discovery of a vulnerability and the release of updated source code." - Karen Scarfone

 

Trending Terms

cross-site scripting
PCI DSS
SOAP
zero-day exploit

AWS Web Application Firewall

next-generation firewall

 
Learning Center

Stop app attacks with a Web application firewall
App attacks are increasing and web application firewalls are a key to halting them. Learn how to determine which WAF is best for your enterprise.

Business-use scenarios for a Web application firewall deployment
Expert Brad Causey outlines the business cases for deploying Web application firewalls (WAFs) and explains how they protect organizations with applications exposed to the Internet.

How cloud WAF implementations can improve application security
Cloud WAF provides protection for applications hosted off-site or in the cloud. Learn about how providers filter traffic and transfer logs to enterprises.

Four questions to ask before buying a Web application firewall
Expert Brad Causey outlines the important questions enterprises need to ask when buying Web application firewalls to make sure they are procuring the right WAF for their business needs.

What are the compliance requirements for Web application firewalls?
Why organizations are opting for Web application firewalls and how to keep them up to date with compliance mandates for maximum security protection.

Writing for Business

A Web application firewall (WAF) is able to detect and _____ new unknown attacks by watching for unfamiliar patterns in the traffic data.
A. avoid
B. prevent
Answer

 

 

 

Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

 

Visit the Word of the Day Archives and catch up on what you've missed!

 

FOLLOW US

TwitterRSS
About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for.
TechTarget

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2016 TechTarget. All rights reserved.

No comments: