As businesses transition from traditionally-licensed enterprise software to software-as-a-service applications hosted in the cloud, the security of the application layer becomes ever more critical.
Protecting the application layer is often beyond the scope of traditional intrusion detection and prevention systems, which brings web application firewalls to the fore. A web application firewall helps protect HTTP-based applications from external attack by monitoring and filtering connections that appear suspicious.
SaaS interfaces present a clear risk to businesses. They’re an obvious target for criminals, presenting any number of opportunities for attack. Once an attacker gains access to a SaaS account, they may be able to exfiltrate sensitive user data. In the worst cases, SaaS vulnerabilities may allow an attacker to run code remotely or gain access to the underlying server environment. From there, it’s a short hop to the database and to other components of a company’s network.
In fact, SQL injection is often an attacker’s favorite technique. Most Software-as-a-Service applications accept some form of user input. When a coding error splices that input into a database query without escaping or parameterization, an attacker can inject SQL through the app’s web interface or API.
The most common attacks against web applications are cross-site scripting attacks. In this case, a lack of proper escaping and input validation allows an attacker to embed JavaScript code that is loaded and run by the browsers of clients that request the page. XSS attacks are often used to steal authentication cookies, giving attackers access to, and potentially control over, a site.
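The two coding errors described above, the unescaped SQL query and the unescaped reflected parameter, are easiest to see beside their hardened forms. The following is an added example written for this article, not code from Steadfast or from any product mentioned here; the in-memory `users` table and the inputs it is run against are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a SaaS app's data store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_email_vulnerable(conn, name):
    """Splices the request parameter straight into the SQL text.

    Whatever the user typed is parsed as SQL, so a quote in the input
    either breaks the query or changes which rows it selects.
    """
    query = f"SELECT email FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_email_safe(conn, name):
    """Parameterized query: the driver binds the input as a value,
    so it can never be interpreted as SQL syntax."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def render_greeting_vulnerable(name):
    """Reflects the parameter into HTML unescaped, so markup in the input
    becomes part of the page the browser executes."""
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name):
    """Escapes &, <, >, \" and ' so the input is displayed as text only."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def demo():
    """Runs both versions against constructed inputs and returns the results."""
    conn = make_db()
    results = {}

    # A perfectly legitimate name with an apostrophe: the vulnerable query
    # becomes malformed SQL and raises; the safe one simply finds no match.
    try:
        lookup_email_vulnerable(conn, "O'Brien")
        results["vuln_apostrophe"] = "no error"
    except sqlite3.OperationalError:
        results["vuln_apostrophe"] = "syntax error"
    results["safe_apostrophe"] = lookup_email_safe(conn, "O'Brien")

    # The textbook tautology: the vulnerable query returns every row,
    # the parameterized one treats the whole string as a literal name.
    tautology = "x' OR '1'='1"
    results["vuln_tautology"] = lookup_email_vulnerable(conn, tautology)
    results["safe_tautology"] = lookup_email_safe(conn, tautology)

    # Reflected XSS: markup in the parameter is neutralized by escaping.
    markup = "<script>alert(1)</script>"
    results["vuln_html"] = render_greeting_vulnerable(markup)
    results["safe_html"] = render_greeting_safe(markup)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The apostrophe case is worth noting: even without any attacker, the string-built query fails on ordinary data, which is the same defect that the tautology input turns into a data leak. Parameterization and output escaping fix both at the source; a WAF in front of the application is a second layer, not a substitute.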
Web application firewalls are intended to prevent attacks of this sort. A WAF monitors all incoming connections between HTTP clients and an application and filters them according to a configurable set of rules, including rules that block most SQL injection and cross-site scripting attempts. WAF protection is particularly crucial for web applications that provide access to sensitive medical or financial data.
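To make the rule-based filtering concrete, here is a small added example of the inspection step a WAF performs on request parameters. It is illustrative code written for this article, not the Steadfast firewall or any real WAF engine; the two rules, the `normalize` helper and the sample requests are all constructed. The one design point it demonstrates is that parameters must be URL-decoded (repeatedly, until stable) before rules are matched, otherwise an encoded payload is inspected in a form the rules never see.

```python
import re
from urllib.parse import unquote_plus

# Constructed rule set in the spirit of a WAF's configurable rules:
# one SQL tautology signature and one script-tag signature.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.IGNORECASE)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
]


def normalize(value):
    """URL-decode until the value stops changing, so double-encoded
    input is matched in its fully decoded form."""
    prev = None
    while prev != value:
        prev, value = value, unquote_plus(value)
    return value


def inspect_request(params):
    """Return the names of the rules matched by any parameter value."""
    hits = []
    for value in params.values():
        decoded = normalize(value)
        for rule_name, pattern in RULES:
            if pattern.search(decoded) and rule_name not in hits:
                hits.append(rule_name)
    return hits


def filter_requests(requests):
    """Split constructed requests into (allowed, blocked); each blocked
    entry carries the rules that fired so the decision can be logged."""
    allowed, blocked = [], []
    for req in requests:
        hits = inspect_request(req["params"])
        if hits:
            blocked.append((req["path"], hits))
        else:
            allowed.append(req["path"])
    return allowed, blocked


# Constructed sample traffic: two legitimate requests (one with an
# apostrophe that a naive quote-based rule would wrongly block), one
# tautology, and one URL-encoded script tag.
SAMPLE_REQUESTS = [
    {"path": "/search", "params": {"q": "laptop"}},
    {"path": "/profile", "params": {"name": "O'Brien"}},
    {"path": "/login", "params": {"user": "x' OR '1'='1"}},
    {"path": "/support", "params": {"msg": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}},
]


if __name__ == "__main__":
    allowed, blocked = filter_requests(SAMPLE_REQUESTS)
    print("allowed:", allowed)
    print("blocked:", blocked)
```

Real WAF rule sets are far larger and are tuned against false positives; the `/profile` request shows why a rule must be narrower than "contains a quote". This is also why the article's later point about keeping rules current matters: a signature list only catches what it describes.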
To consider a pertinent example, the popular WordPress plugin W3 Total Cache was recently discovered to have a serious cross-site scripting vulnerability. The plugin fails to escape content submitted to a support form as URL parameters. If an attacker causes an admin user to open a crafted link with embedded JavaScript, the admin user’s authentication credentials are at risk of being stolen. It’s estimated that more than a million WordPress sites are vulnerable to this attack.
A Web Application Firewall is capable of filtering this type of attack by escaping attempts to inject JavaScript or by dropping suspicious connections before they reach the application. Attackers are, of course, always looking for ways around the protection that WAFs offer, which is why it’s important to keep the firewall’s rules up to date.
A Web Application Firewall is an important component of a defence-in-depth approach to online security.
Steadfast makes a powerful Web Application Firewall available to its Managed Security clients.