If you are a website owner, particularly if you deal with sensitive information, private emails or accept web-based payments, a web application firewall can help keep your site secure.
A WAF is a type of firewall designed to check HTTP requests and block any that do not comply with a set of rules or are malicious. Designed for increased security, application-level firewalls catch cross-site scripting, SQL injection, denial-of-service attacks, directory traversal and other abuses of the HTTP protocol. Good-quality web application firewalls also watch for request forgeries, misuse of valid authorization and other attempts to manipulate the behavior of your web application.
A few different types of web application firewalls are available, including hardware solutions such as those made by Barracuda and software applications such as those from SiteLock and CloudFlare. If you want to learn more about these security devices, check out our articles about web application firewalls.
Web Application Firewalls: What to Look For
When looking for a web application firewall, look for one that easily integrates into your existing architecture and runs on a form factor that is easy to use and supported by your IT department. There are many application-level firewalls to choose from that feature different architectures and form factors.
In-Line Architecture
The in-line architecture, also known as active configuration, places the WAF directly in the path of traffic between the browser client and the web application server. Once installed, it inspects all requests and responses before allowing them through.
Tap or Span Architecture
With this architecture, also known as passive configuration, the WAF remains out of the path of traffic and uses a tap or span port to monitor it. This type of configuration is useful when collecting information intended for forensic or investigatory analysis.
New and Emerging Architecture
With the introduction of cloud computing and virtualization, new architectural models of web application firewalls have become necessary. Cloud-based versions intercept traffic before it enters the network or the cloud server. To protect virtual environments, Adaptive Internet Protocol or another service monitors activity so that the WAF is able to see the traffic.
Form factor determines the design of the web application firewall and what the customer purchases. Many WAFs offer multiple options, and you should choose the one that you or your company is most comfortable using. The different types of form factor include software only, appliance, hardware and host.
A web application firewall helps to ensure that your website, the information on it and any customer data remains safe and secure from denial-of-service attacks, potential hackers and other malicious activity. When looking for the best WAF to purchase, don't simply look at the price; consider the form factor, architecture, options and features to ensure that you get the best application security for your specific needs.
AppliCure DotDefender Review
DotDefender by AppliCure is an enterprise-class, application-layer firewall that offers security for websites and web applications. It protects against numerous security issues, such as hacking attacks and data loss.
Many websites contain vulnerabilities that make them defenseless against SQL injection, cross-site scripting, path traversal and numerous other types of exploits. This application-level firewall provides IIS and Apache server security across cloud, VPS and dedicated environments to prevent attacks.
This web application firewall ensures that your server is protected at all times. The WAF controls all traffic going into and coming out of the server while monitoring every layer, such as HTTPS, HTTP, XML-RPC and SOAP, for suspicious activity.
Websites that collect credit card data over the internet are particularly at risk from path traversal exploits and denial-of-service attacks. Without appropriate application security, websites are susceptible to stolen user information, stolen user sessions and being flagged as malicious by search engines. This is why it is vitally important that your business website have a web application firewall such as DotDefender.
The software that runs on this web application security program concentrates on the requests going in and out of the server and the impact they have on the application. It also uses pattern recognition to identify and prevent threats such as zero-day exploits and session protection to help avoid impersonation. DotDefender also uses an extensive signature knowledgebase to block known attackers and vulnerabilities.
DotDefender is easy to install on both IIS and Apache servers, and it provides in-depth security against known, unknown and new hacking attempts. It can be installed in roughly 10 clicks by someone with little or no security training and is extremely easy to use. It comes with preinstalled security rules to ensure instant protection for your web applications, requires no additional hardware for installation and integrates easily into your existing system. However, AppliCure does not offer many customer service options, which is a downside for firewall novices.
With its ease of use and comprehensive protection, AppliCure's DotDefender web application firewall is a worthy consideration for your business. However, it does not come with many customer service options.
Barracuda Web Application Firewall Vx Review
The Barracuda Web Application Firewall Vx offers complete protection from application-layer distributed denial-of-service (DDoS) attacks and data loss, as well as protection against both known and previously unknown zero-day application-layer attack methods.
With advanced DDoS protection, this web application firewall uses IP reputation and heuristic fingerprinting to separate real users from botnets, allowing administrators to block, challenge or throttle any suspicious traffic. Currently, this is the only product of its type to offer intelligence that combines real-time and historical data to protect against application DDoS attacks.
In many cases, one of the first steps of an attack involves probing public applications to try to discover what software and hardware is underneath, such as servers, operating systems and databases. This firewall includes server cloaking, which is a feature that prevents probing of protected applications by preventing error messages, server banners, HTTP headers, debug information, return codes and back-end IP addresses from getting to a potential hacker.
This application-level firewall features automatic updates and virtual patching of units in the field. This feature means a greatly reduced time frame between discovering new vulnerabilities and patching or updating, ensuring complete protection and the highest level of security at all times.
The Barracuda WAF Vx includes access control and authentication abilities that restrict access to your most sensitive data or applications to users you authorize. This offers increased levels of privacy and security. This type of application security also performs detailed logs that allow you to see user activity across all your protected applications.
Designed for easy installation and setup, this web application security can provide immediate protection. It easily integrates with most existing security tools and deploys easily into existing environments. Once installed, it begins providing alerting, logging and reporting for compliance, management or early-warning detection. Furthermore, Barracuda is the only company that currently offers a free cloud-based management solution to help customers manage their applications.
This application firewall checks all inbound traffic for attacks and outbound traffic for sensitive data. It identifies different types of personal information, such as credit card numbers, Social Security numbers and other custom patterns, and either masks or blocks it without the need for any administrator interaction.
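The two outbound protections described above, server cloaking and masking of sensitive data in responses, are shown together below in a single response filter. This is an added example written for this page, not Barracuda's code; the header list, the generic error text and the sample response are constructed, and a Luhn check is used so that long non-card numbers are left alone.

```python
import re
from typing import Dict, Tuple

# Response headers that reveal the stack behind the WAF (constructed list for this example).
STACK_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}

# 13-19 digit groups with optional separators, SSN-shaped values, and RFC 1918 back-end addresses.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PRIVATE_IP_RE = re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))(?:\.\d{1,3}){2}\b")

GENERIC_ERROR = b"An error occurred. Please try again later."

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so long numbers that are not cards (order ids, timestamps) stay untouched."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(match: re.Match) -> str:
    """Replace a Luhn-valid card number with asterisks, keeping the last four digits."""
    digits = re.sub(r"[ -]", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)
    return "*" * (len(digits) - 4) + digits[-4:]

def filter_response(status: int, headers: Dict[str, str], body: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Apply server cloaking and outbound sensitive-data masking to one HTTP response."""
    # Cloaking: drop headers that name the server software or framework version.
    clean = {k: v for k, v in headers.items() if k.lower() not in STACK_HEADERS}
    # Cloaking: never forward the back end's own error page (stack traces, debug output).
    if status >= 500:
        return status, clean, GENERIC_ERROR
    text = body.decode("utf-8", errors="replace")
    text = PRIVATE_IP_RE.sub("[internal]", text)   # cloaking: hide back-end IP addresses
    text = PAN_RE.sub(mask_pan, text)               # data protection: card numbers
    text = SSN_RE.sub("***-**-****", text)          # data protection: Social Security numbers
    return status, clean, text.encode("utf-8")
```

A production filter would also handle compressed bodies and streaming responses, which this example leaves out.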
The Barracuda Web Application Firewall Vx is reasonably priced and available as both an appliance-based and a virtual firewall. With its ease of use, complete protection and one-of-a-kind features, it is a firewall worth considering for your business.
Citrix NetScaler Review
The Citrix NetScaler AppFirewall secures websites and web applications, blocking both known and unknown attacks. This web application firewall uses a hybrid security model that only allows correct behavior and protects against application vulnerabilities.
The hybrid technology used in this application-level firewall blocks all zero-day and known application-layer attacks. This technology considers any behavior that strays from the norm a potential threat and immediately blocks it. This application security also scans thousands of automatically updated signatures for an additional layer of security.
When you use this web application firewall, your website and applications are secure from malicious software, vulnerabilities and attacks, such as cross-site scripting, SQL injection, cross-site request forgery, XML-based attacks, data theft and buffer overflow.
The AppFirewall complies with all PCI DSS rules, making it a secure choice for an online store. The mandates included with the PCI DSS rulings include denying traffic from untrusted networks and hosts, masking or blocking of customer account numbers to prevent theft, protecting encryption keys against misuse and disclosure, using strong security protocols and cryptography, and auditing and correcting application code vulnerabilities or implementing a web application firewall.
Setting up this application firewall is quick and easy. Placed in the application data path, in front of web servers, NetScaler AppFirewall watches traffic going in and out of the server. It can even keep track of SSL-encrypted traffic without needing any application modifications. This web application security integrates with all Citrix products and meets the security and performance needs of IT and end users.
The Citrix NetScaler AppFirewall is quite expensive, but it offers protection from a wide range of malicious software and attacks. It also provides strong security for businesses with online stores.
CloudFlare Pro Review
CloudFlare Pro is more than just a web application firewall. It is a content delivery network that takes advantage of web server technology, network routing and hardware to protect and accelerate websites.
Once you sign up for CloudFlare Pro, your website becomes part of its community. This means that all traffic is routed through the CloudFlare network to ensure your visitors get a fast load time and increased performance. Additionally, the network-based application blocks malicious threats and stops bots and crawlers from accessing your resources or using your bandwidth. As this is a network-based firewall, anyone with a domain and a website can use this app, regardless of the platform used. In most cases, setup only takes a few minutes and requires a small change to the domain's DNS settings.
The web-based interface is very easy to use, and it allows you to set how aggressively you want it to enforce your security settings. Using this application firewall, you can choose to challenge, block or simulate (log only) for each rule. If you choose challenge or block, this WAF stops all traffic it recognizes as illegitimate.
CloudFlare's web application firewall quickly stops malicious traffic and attacks at the network level, before they ever reach your website's servers. Its technology easily integrates with both desktop and mobile websites and applications. This firewall app protects against numerous threats, including cross-site scripting and request forgery, comment spam, SQL injection, and denial-of-service attacks. It can also protect your website against attacks aimed at specific applications, such as CoreCommerce and WordPress.
By default, this web application security runs the OWASP ModSecurity Core Rule Set, which covers the OWASP Top 10 vulnerabilities, along with CloudFlare's own rule sets. This web application firewall is easy to customize, allowing you to extend the range of protection as needed. This app allows you to integrate new rule sets as experts develop them, import existing rule sets, and even write your own custom rule sets if you upgrade to the Business and Enterprise options.
The CloudFlare Pro web application firewall integrates utilities to secure and speed up your website. It is also easy to use and customize to your website's needs.
Imperva SecureSphere Review
The SecureSphere X1010 web application firewall is a hardware device that prevents data breaches, stops website attacks and reduces downtime. Using a combination of many defense strategies, SecureSphere can find and block attacks while still allowing customers access to the website.
Using a technology known as dynamic profiling, the SecureSphere X1010 application firewall can generate a list of acceptable user behavior. That technology, along with correlated attack validation, ensures that this firewall app differentiates legitimate customers from potential attacks.
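The positive security model behind the NetScaler "correct behavior" approach above and SecureSphere's dynamic profiling can be illustrated with a small learning profiler. This is an added example, not either vendor's code: it assumes a simplified profile of one character class plus a maximum length per URL path and parameter, learned from a constructed sample of normal requests, and then reports how a new request deviates from it.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Character classes, narrowest first; a learned rule keeps the broadest class needed to cover
# every value seen during learning (a simplification; the vendors' profiling is not public here).
CHAR_CLASSES = [
    ("digits", re.compile(r"^[0-9]+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9]+$")),
    ("word", re.compile(r"^[A-Za-z0-9 _.-]+$")),
    ("any", re.compile(r".*", re.S)),
]

def classify(value: str) -> int:
    """Index of the narrowest character class that matches value."""
    for i, (_, rx) in enumerate(CHAR_CLASSES):
        if rx.match(value):
            return i
    return len(CHAR_CLASSES) - 1

class DynamicProfile:
    """Learns, per (path, parameter), the allowed character class and maximum length."""
    def __init__(self) -> None:
        self.rules: Dict[Tuple[str, str], List[int]] = {}  # (path, param) -> [class, max_len]

    def learn(self, url: str) -> None:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            rule = self.rules.setdefault((parts.path, name), [0, 0])
            rule[0] = max(rule[0], classify(value))
            rule[1] = max(rule[1], len(value))

    def violations(self, url: str) -> List[str]:
        """Reasons the request deviates from the learned profile; an empty list means allowed."""
        parts = urlsplit(url)
        reasons = []
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            rule = self.rules.get((parts.path, name))
            if rule is None:
                reasons.append(f"unexpected parameter {name} on {parts.path}")
                continue
            if classify(value) > rule[0]:
                reasons.append(f"{name}: characters outside learned class {CHAR_CLASSES[rule[0]][0]}")
            if len(value) > rule[1]:
                reasons.append(f"{name}: length {len(value)} exceeds learned maximum {rule[1]}")
        return reasons

# Constructed sample of normal requests observed during the learning phase.
LEARNING_SET = ["/product?id=1042&sort=name", "/product?id=7&sort=price", "/search?q=blue%20running%20shoes"]

def build_profile() -> DynamicProfile:
    profile = DynamicProfile()
    for url in LEARNING_SET:
        profile.learn(url)
    return profile
```

Real products also learn HTTP methods, cookies and response codes and correlate several violations before blocking, which is what the "correlated attack validation" mentioned above refers to.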
Unfortunately, hackers write or manage to find new malware and exploits on a regular basis. This makes it important that an application-level firewall downloads regular policy and signature updates. This device gets its updates from the Application Defense Center, so you get the most up-to-date and complete set of policies and signatures in the industry.
This application security device uses a technology known as ThreatRadar Reputation Services. This technology can detect visitors using anonymous proxy servers to hide their identities. It also flags visitors from IP addresses with a reputation as malicious sources, uses IP geolocation data, and recognizes known phishing URLs. This WAF technology delivers a real-time defense against attacks and their sources, helping you protect your website's sensitive data and maximize uptime.
Another feature of this web application firewall is its ability to protect you against business logic attacks. These attacks can ruin a website's reputation by exploiting the logic of applications and posting spam in forums and message boards. Business logic attacks can also scrape web content or completely disable access to your site. All of this can significantly frustrate customers and reduce your competitive edge.
In many cases, application vulnerabilities leave a website open to attack for weeks or even months. The SecureSphere X1010 application-level firewall easily integrates with application-scanning software for virtual patching, creating custom policies to fix vulnerabilities and importing results of assessments. This significantly reduces the amount of time you are exposed to attack and your patching costs.
Another feature of this web application security is comprehensive report generation. These graphical reports allow you to analyze threats and ensure you meet compliance requirements. You can set the reports to be emailed daily, weekly or monthly, or you can simply request one whenever you feel you need one.
This reasonably priced web application firewall includes a number of useful options and features, making it worth looking into for your business needs.
SiteLock SecureSite Review
The web application firewall from SiteLock SecureSite offers an advanced level of protection for your website. By evaluating traffic based on location, behavior and what information it asks for, it determines who and what can access your site.
Built using advanced technology, this application security gives you complete control over your website. It determines what types of exchanges your website visitors can have, and it identifies and blocks many forms of attack.
This software-based application-level firewall is easy to use and is typically set up and running within about five minutes. Once you set up this firewall app, it ensures that your website and its traffic are safe from malicious visitors. It also ensures that your proprietary information and all customer and visitor data are safe from spammers and scrapers. The targeted attempts this web application firewall blocks include cross-site scripting (XSS), cross-site request forgery (CSRF) and remote file inclusion (RFI). Other security measures include blocking attempts that exploit any of the OWASP top 10 weaknesses; blacklisting of IP addresses, web clients or entire countries; and advanced handling on every level.
Another feature this web application security program includes is website acceleration, delivered through SiteLock's worldwide delivery network that uses content optimization technologies to increase the performance of your website. This ensures that your pages load quickly and improve your search engine rankings. If your website includes a blog, you know that spam can be a problem. This application firewall eradicates almost all spam, and the automatic scanning technology identifies any spammy links that come through.
The SiteLock firewall app protects websites from malicious bots based on behavioral analysis and IP reputation. This protects you from the mass malware and virus infections that periodically occur. It also helps you distinguish human traffic from bot traffic, identifying which bots visited and allowing you to quickly determine whether the site is about to be attacked or was simply checked out by a search engine such as Google.
The SiteLock SecureSite web application firewall is a reasonably priced software-based application. With its complete protection, ease of use and additional features, it is a firewall worth looking at for your business.