Web Application Firewall (WAF)

Published on: Mar 01, 2023

Web Application Firewall (WAF) is a security tool that monitors and filters incoming traffic to a web application. It sits in front of the web application and acts as a reverse proxy, inspecting each incoming request and blocking those that do not meet security policies. 

One commonly used set of security policies is the OWASP (Open Web Application Security Project) Rule Set. OWASP is a non-profit organization that aims to improve web application security by providing a comprehensive set of guidelines and tools. The OWASP Rule Set is a collection of rules that are designed to protect web applications from common attacks, such as SQL injection, cross-site scripting (XSS), and file inclusion vulnerabilities. 

The OWASP Top 10 is a list of the most critical web application security risks. It is updated every three years and the latest version, OWASP Top 10 – 2017, includes the following rules: 

  1. Injection: Injection attacks occur when an attacker is able to insert malicious code into a web application, such as SQL injection or command injection. These types of attacks can allow an attacker to gain unauthorized access to sensitive data or even take control of the entire system. 
  1. Broken Authentication and Session Management: This rule covers vulnerabilities that allow attackers to take over a user’s session or gain access to sensitive information. This can include issues such as weak passwords, session hijacking, and improper handling of session tokens. 
  1. Cross-Site Scripting (XSS): XSS attacks involve injecting malicious code into a web page, which can be executed by a victim’s browser. This can allow an attacker to steal sensitive information, such as login credentials, or even take control of the victim’s browser. 
  1. Insecure Direct Object References: This rule covers vulnerabilities that allow attackers to access sensitive data by manipulating URLs or other direct references to objects. This can include issues such as directory traversal or file inclusion vulnerabilities. 
  1. Security Misconfiguration: This rule covers vulnerabilities that occur due to improper configuration of web applications or servers. This can include issues such as open ports, default accounts and passwords, or outdated software. 
  1. Sensitive Data Exposure: This rule covers vulnerabilities that allow attackers to access sensitive data, such as credit card numbers or personal information. This can include issues such as poor encryption practices or lack of access controls. 
  1. Missing Function Level Access Control: This rule covers vulnerabilities that allow attackers to bypass access controls and access sensitive data or functionality. This can include issues such as weak authentication mechanisms or lack of role-based access controls. 
  1. Cross-Site Request Forgery (CSRF): CSRF attacks involve tricking a victim’s browser into performing an action on a web application without their consent. This can allow an attacker to perform actions such as money transfer, data deletion or even perform actions that can harm the victim’s reputation. 
  1. Using Components with Known Vulnerabilities: This rule covers vulnerabilities that occur due to the use of outdated or vulnerable software components. This can include issues such as using an old version of a web framework or a plugin that has known vulnerabilities. 
  1. Unvalidated Redirects and Forwards: This rule covers vulnerabilities that allow attackers to redirect victims to malicious sites or perform other unwanted actions. This can include issues such as open redirects or improper handling of redirects and forwards. 

 
At Softobiz, we understand the importance of securing web applications from a wide range of attacks. That’s why we use various application firewalls, including those provided by AWS and Azure, to protect our web applications. These firewalls provide a layer of security that monitors and filters incoming traffic, helping to prevent common web application attacks such as SQL injection and cross-site scripting (XSS). 

In addition to using cloud-native firewalls, we also follow the OWASP Top 10 rules during application development. This ensures that our applications are built with security in mind, reducing the likelihood of vulnerabilities and attacks. 

To further enhance the security of our web applications, we use Kong as an API gateway. Kong is an open-source solution that can be used to manage and secure APIs. By using Kong, we can intercept and monitor incoming traffic, providing an added layer of security for our web applications. 

We have also created custom plugins for Kong to intercept and monitor incoming traffic. These plugins are designed to protect the applications that are not using cloud-native firewalls. By using these custom plugins, we can ensure that all of our web applications are protected, regardless of the underlying platform or infrastructure. 

At Softobiz, we are constantly evolving our security practices to ensure that our web applications are protected from the latest threats. By using various application firewalls, following the OWASP Top 10 rules, and using Kong as an API gateway with custom plugins, we are able to provide our customers with the highest level of security.