Jump to content

Web Application Firewalls

Web Application Firewalls are considered a special case of classical protection software and are mainly used to defend against attacks on web applications. They are also known as Web Shield or Application Layer Gateway.

The web application firewall monitors the communication on the application-level and detects intrusion attempts like SQL- and command-injection, cross-site scripting. It blocks malicious attempts and protects the application from damage or other undesirable behavior.

A preliminary learning phase is often used to prevent unnecessary interference with the normal operation. The web application firewall can be operated in a purely passive fashion, in which unallowed actions e.g. are just written to a log file.

On the basis of this log file, it can be decided whether the web application firewall works as expected or additional rules need to be defined.

Once put into operation, the web application firewall simultaneously protects all applications located behind it. This also applies to closed source applications like software from third party providers or for unmaintained legacy systems.

Despite these advantages, you should never blindly trust protection software or regard it as a replacement for secure programming. Filter rules need to be constantly updated and log files regularly checked for anomalies.