Web Application Firewalls: Next Big Thing in Security

Web application firewalls, an especially critical component of enterprise security, are even more effective when combined with other emerging security technologies.

Over the last few years, network-level attacks have subsided in favor of attacks that pass straight through the firewall. With SSL now in wide use and Web (cloud) storage attracting so much attention, typical intrusion detection and intrusion prevention systems (IDS/IPS) cannot analyze traffic above Layer 3 of the OSI model. That is why Web applications have become the main battleground between hackers and defenders.

Web application firewall (WAF) protection appears to be the next key direction in IT/security development. As WAF deployment becomes more and more widespread, the next step is to combine it with other technologies, such as dynamic application security testing (DAST) or the highly promising intrusion deception systems.

Web Application Firewall (WAF)

A WAF (Web application firewall) is a mechanism that intercepts malicious HTTP requests, such as SQL injection or cross-site scripting (XSS) attempts, which it typically recognizes with regular-expression-based signatures. This technology works on the application layer (OSI Layer 7, the layer closest to the user), as opposed to an intrusion prevention system, which functions on the network layer (OSI Layer 3).

WAF configuration allows users to block harmful content, and in this way prevent an attack, as well as identify the attacker. To apply a WAF in the most relevant way, consider these key selection criteria:

  • Protection against the OWASP Top Ten;
  • Very few false positives (i.e., it must never block an authorized request);
  • Power and ease of use of the learning mode;
  • Types of vulnerabilities it can prevent;
  • Support for both the positive and the negative security model;
  • High performance;
  • Brute-force protection, etc.
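The following Python script is an added illustration of the WAF concepts just described; it is not code from the original article or from any WAF product. It keeps a small negative model (regular-expression signatures for SQL injection and XSS, which is the Layer 7 inspection the article refers to), a learning mode that derives a positive model (an allow-list of expected parameters and value shapes per endpoint) from benign traffic, and an inspector that applies both. All signatures, endpoints and sample requests are constructed for the example; the signature set is deliberately tiny and is not a substitute for a real rule set.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Negative security model: signatures for known-bad input. The set is a
# constructed, deliberately tiny illustration; real rule sets are far broader.
NEGATIVE_SIGNATURES = {
    "sqli-union-select": re.compile(r"(?i)\bunion\b[\s/*]+(?:all[\s/*]+)?\bselect\b"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+'?\w+'?\s*=\s*'?\w+"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
    "xss-event-handler": re.compile(r"(?i)\bon(?:error|load|click)\s*="),
}
SAFE_CHARS = re.compile(r"[\w .@-]+")   # characters allowed in a "plain" value


@dataclass
class Request:
    method: str
    path: str
    query: Dict[str, List[str]]
    body: Dict[str, List[str]]

    def params(self) -> Dict[str, List[str]]:
        return {**self.query, **self.body}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    parameter: Optional[str] = None


def parse_request(method: str, url: str, body: str = "") -> Request:
    """Split a URL and form body into the (percent-decoded) parameters a WAF inspects."""
    parts = urlparse(url)
    return Request(method, parts.path,
                   parse_qs(parts.query, keep_blank_values=True),
                   parse_qs(body, keep_blank_values=True))


def learn_profile(samples: List[Request]) -> Dict[str, Dict[str, re.Pattern]]:
    """Learning mode: build a positive-model profile from observed benign traffic.
    For every (endpoint, parameter) seen, derive the narrowest character class and
    a length bound covering all samples; parameters never seen are refused later."""
    seen: Dict[Tuple[str, str], List[str]] = {}
    for r in samples:
        for name, values in r.params().items():
            seen.setdefault((r.path, name), []).extend(values)
    profile: Dict[str, Dict[str, re.Pattern]] = {}
    for (path, name), values in seen.items():
        if all(v.isdigit() for v in values):
            cls = r"\d"
        elif all(SAFE_CHARS.fullmatch(v) for v in values):
            cls = r"[\w .@-]"
        else:
            cls = r"[^\x00-\x1f]"                   # free text: printable only
        limit = 2 * max(len(v) for v in values)     # generous length bound
        profile.setdefault(path, {})[name] = re.compile(rf"^{cls}{{1,{limit}}}$")
    return profile


def inspect(req: Request, profile: Dict[str, Dict[str, re.Pattern]]) -> Verdict:
    """Negative model first (it names the attack class, which helps identify the
    attacker), then the positive model for endpoints with a learned profile.
    Unprofiled endpoints get signature checks only: the gap the positive model closes."""
    for name, values in req.params().items():
        for v in values:
            for sig_name, sig in NEGATIVE_SIGNATURES.items():
                if sig.search(v):
                    return Verdict(False, f"signature:{sig_name}", name)
    allowed = profile.get(req.path)
    if allowed is None:
        return Verdict(True, "no profile; negative model only")
    for name, values in req.params().items():
        pat = allowed.get(name)
        if pat is None:
            return Verdict(False, "positive:unexpected-parameter", name)
        if not all(pat.fullmatch(v) for v in values):
            return Verdict(False, "positive:value-outside-profile", name)
    return Verdict(True, "positive model satisfied")


# Constructed benign traffic used to train the positive model.
BENIGN_SAMPLES = [
    parse_request("GET", "/search?q=lamp"),
    parse_request("GET", "/search?q=desk+lamp&page=2"),
    parse_request("POST", "/login", "user=alice&password=hunter2"),
    parse_request("POST", "/login", "user=bob.smith&password=S3cret!pass"),
]

if __name__ == "__main__":
    profile = learn_profile(BENIGN_SAMPLES)
    for req in [
        parse_request("GET", "/search?q=floor+lamp&page=3"),
        parse_request("GET", "/search?q=%27+OR+%271%27%3D%271"),  # ' OR '1'='1
        parse_request("GET", "/search?q=lamp&debug=1"),           # parameter never learned
        parse_request("GET", "/search?q=union+select+tutorial"),  # benign, yet blocked
    ]:
        print(req.method, req.path, req.params(), inspect(req, profile))
```

The last demo request shows the false-positive trade-off behind the second selection criterion: a harmless search for "union select tutorial" trips the negative model, which is why signature quality and a well-trained positive model matter more than the raw number of rules.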

Combination of DAST and WAF

The next leap in WAF development is the combination of DAST and WAF. Dynamic application security testing (DAST) is an approach to application scanning in which a DAST scanner sends requests that imitate a hacker's activity to the running service. A DAST scanner (Burp, OWASP Zed Attack Proxy) generates a report that serves as the basis for WAF signatures.

Combining DAST with a WAF therefore gives us an interesting system:

  1. The WAF initiates a DAST scan of the resource
  2. DAST scans the resource and generates a report
  3. The WAF pulls the report and extracts the vulnerability data
  4. The WAF correlates the vulnerability data into protection rules

With this approach, updating the DAST scanner implies an automatic WAF update whenever the scanner knows malicious payloads that are not yet registered in the signature database. The effectiveness of such a combination would be enhanced even further by static security analysis.
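Steps 3 and 4 of the procedure above, as an added example that is not part of the original article and does not reproduce the report format of Burp, ZAP or any other scanner: the WAF side reads a DAST report, extracts each finding's method, path and parameter, and correlates it into a narrowly scoped rule (a "virtual patch"). For vulnerability classes the WAF already knows, the class-level signature is attached to the vulnerable parameter; for a class it does not know, the scanner's own payload becomes a literal stopgap signature, which is the automatic update the paragraph describes. Findings that describe a response property rather than a request pattern are reported as gaps. The report, the known-class patterns and the endpoints are all constructed for the example.

```python
import json
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Class-level patterns the WAF already knows (constructed). A finding type
# missing from this table is "unknown to the WAF's signature database".
KNOWN_CLASSES = {
    "sql-injection": re.compile(
        r"(?i)(?:'\s*or\s+|\bunion\b[\s/*]+(?:all[\s/*]+)?\bselect\b|--\s|;\s*drop\b)"),
    "cross-site-scripting": re.compile(
        r"(?i)(?:<\s*/?\s*(?:script|svg|img|iframe)\b|\bon\w+\s*=|javascript:)"),
}
# Finding types about the response, not the request: a request filter cannot
# fix them, so they are surfaced as gaps instead of silently dropped.
NOT_PATCHABLE = {"missing-security-header", "verbose-error-message"}

# A constructed DAST report in a generic shape (hypothetical target host).
DAST_REPORT = json.dumps({
    "target": "https://shop.example",
    "findings": [
        {"type": "sql-injection", "method": "GET", "url": "https://shop.example/search?q=1",
         "param": "q", "payload": "' OR '1'='1"},
        {"type": "sql-injection", "method": "GET", "url": "https://shop.example/search?q=1",
         "param": "q", "payload": "1 UNION SELECT null--"},
        {"type": "cross-site-scripting", "method": "POST", "url": "https://shop.example/comment",
         "param": "text", "payload": "<svg onload=alert(1)>"},
        {"type": "server-side-template-injection", "method": "POST",
         "url": "https://shop.example/render", "param": "tpl", "payload": "{{7*7}}"},
        {"type": "missing-security-header", "method": "GET", "url": "https://shop.example/",
         "param": None, "payload": None},
    ],
})


@dataclass
class Rule:
    """A virtual patch: patterns applied to one parameter of one endpoint only."""
    method: str
    path: str
    parameter: str
    patterns: List[re.Pattern] = field(default_factory=list)
    sources: List[str] = field(default_factory=list)

    def add(self, pattern: re.Pattern, source: str) -> None:
        if pattern.pattern not in {p.pattern for p in self.patterns}:
            self.patterns.append(pattern)
            self.sources.append(source)


def rules_from_report(report_json: str) -> Tuple[List[Rule], List[dict]]:
    """Extract vulnerability data from the report and correlate it into rules.
    Returns (rules, gaps); gaps are findings no request rule can cover."""
    report = json.loads(report_json)
    rules: Dict[Tuple[str, str, str], Rule] = {}
    gaps: List[dict] = []
    for f in report["findings"]:
        if f["type"] in NOT_PATCHABLE or not f.get("param"):
            gaps.append(f)
            continue
        key = (f["method"].upper(), urlparse(f["url"]).path, f["param"])
        rule = rules.setdefault(key, Rule(*key))
        if f["type"] in KNOWN_CLASSES:                      # class already in the signature DB
            rule.add(KNOWN_CLASSES[f["type"]], f"class:{f['type']}")
        if f.get("payload"):                                # always keep the proven payload too
            rule.add(re.compile(re.escape(f["payload"]), re.I), f"payload:{f['type']}")
    return list(rules.values()), gaps


def request_blocked(rules: List[Rule], method: str, path: str,
                    params: Dict[str, str]) -> Optional[Rule]:
    """Apply the virtual patches: only the exact (method, path, parameter) a
    scanner proved vulnerable is filtered, so a patch cannot misfire elsewhere."""
    for rule in rules:
        if rule.method == method.upper() and rule.path == path:
            value = params.get(rule.parameter)
            if value is not None and any(p.search(value) for p in rule.patterns):
                return rule
    return None


if __name__ == "__main__":
    rules, gaps = rules_from_report(DAST_REPORT)
    for r in rules:
        print(r.method, r.path, r.parameter, r.sources)
    print("gaps:", [g["type"] for g in gaps])
    print(request_blocked(rules, "GET", "/search", {"q": "' OR 'a'='a"}) is not None)
    print(request_blocked(rules, "POST", "/render", {"tpl": "{{8*8}}"}) is None)
```

The last line of the demo shows the limit of the stopgap: a literal payload signature catches only the exact string the scanner sent, so a variant of an unknown class still passes until a proper class-level signature reaches the database. Scoping rules to the vulnerable parameter keeps them from generating false positives on other endpoints; in practice they complement, rather than replace, the WAF's general negative-model rules.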
