GDKHOST.NET

What is a web application firewall (WAF) and how does it work?

A web application firewall (WAF) is a set of monitors and filters designed to protect web applications from various attacks. The primary purpose of a WAF is to detect and block network attacks at the application layer of the OSI model. Such attacks include cross-site scripting (XSS), SQL injection and brute-force attacks. The main goal of such attacks is to gain access to your valuable data and/or disrupt the correct operation of a web application. Although a web application firewall is not an absolute defense against such attacks, a properly configured WAF can defend against most types of known web application attacks.

The web application firewall protects your web application using the following basic security methods:

  • Signature Analysis.
    This is the primary method of protection for most WAFs. The web application firewall keeps a database of signatures to compare traffic against, the so-called malicious traffic dictionary. If the analyzed traffic matches one of the signatures corresponding to malicious traffic, the WAF blocks the request.
  • Filter IP addresses by their reputation.
    The WAF checks whether the IP address from which the request came appears in its white and black lists of IP addresses and domains, and decides whether to block based on these data.
  • Behavioral Analysis.
    A relatively new attack detection method based on machine learning. It makes it possible to reject not only known attacks but also zero-day attacks, by analyzing the behavior of traffic in depth.
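As an added example (not code from GDKHOST or the original article), a toy Python filter that applies the three methods above to constructed sample requests: reputation lists first, then URL-decoded signature matching, then a fixed login-rate threshold standing in for behavioral analysis. The signature patterns, the TEST-NET addresses and the request dictionary shape are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus
# Hypothetical "malicious traffic dictionary": three illustrative signatures.
SIGNATURES = [
    ("xss_script_tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli_tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I)),
    ("sqli_union_select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
]

class MiniWaf:
    """Toy WAF: IP reputation, then signatures, then a rate-based behaviour check."""
    def __init__(self, allowlist=(), denylist=(), login_path="/login", max_logins=5):
        self.allowlist, self.denylist = set(allowlist), set(denylist)
        self.login_path, self.max_logins = login_path, max_logins
        self.login_attempts = defaultdict(int)  # per-IP counter (no time window, for brevity)

    def inspect(self, req):
        """Return (decision, reason) for one request dict with ip/method/path/query/body."""
        ip = req["ip"]
        # 1. IP reputation: an allowlisted source skips inspection; a denylisted one is dropped.
        if ip in self.allowlist:
            return "allow", "ip_allowlisted"
        if ip in self.denylist:
            return "block", "ip_denylisted"
        # 2. Signature analysis: URL-decode first so percent-encoded payloads are not missed.
        for field in ("path", "query", "body"):
            text = unquote_plus(req.get(field, ""))
            for name, pattern in SIGNATURES:
                if pattern.search(text):
                    return "block", f"signature:{name}"
        # 3. Behavioural stand-in (a fixed threshold, not ML): repeated logins from one IP.
        if req["method"] == "POST" and req["path"] == self.login_path:
            self.login_attempts[ip] += 1
            if self.login_attempts[ip] > self.max_logins:
                return "block", "behaviour:login_rate"
        return "allow", "clean"

def run_sample():
    """Push constructed sample traffic (TEST-NET addresses) through the toy WAF."""
    waf = MiniWaf(allowlist={"192.0.2.10"}, denylist={"203.0.113.7"}, max_logins=3)
    traffic = [
        {"ip": "198.51.100.4", "method": "GET", "path": "/search", "query": "q=laptops"},
        {"ip": "198.51.100.4", "method": "GET", "path": "/search", "query": "q=%3Cscript%3Ealert(1)"},
        {"ip": "198.51.100.4", "method": "GET", "path": "/item", "query": "id=1' OR '1'='1"},
        {"ip": "203.0.113.7", "method": "GET", "path": "/", "query": ""},
        {"ip": "192.0.2.10", "method": "GET", "path": "/item", "query": "id=1 UNION SELECT 1"},
    ] + [{"ip": "198.51.100.9", "method": "POST", "path": "/login", "body": "user=a&pass=b"}] * 4
    return [waf.inspect(r) for r in traffic]
```

Note that the allowlisted request carrying a UNION SELECT string is passed untouched: trusting a source by reputation means its traffic is never signature-checked, which is a deliberate trade-off to be aware of when populating white lists.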