Mapping the OWASP Top 10 to Web Application Isolation
WAI and the OWASP Top 10
Security is a key strategic requirement for any modern business. With business activities increasingly shifting to web apps, securing their operations is essential. Yet Web Application Firewalls (WAFs), the solution most businesses depend on, were designed and architected in the 90s to solve for different application access scenarios than today’s. As a result, they fail to address the issues that must be solved to secure application operations in the wilds of the internet.
Web Application Isolation
Web application isolation (WAI) takes a different approach to protecting applications and the data within them, successfully addressing areas where WAFs fail. WAI inverts remote browser isolation to airgap networks and apps from malware on user devices, and applies granular user-level policies to control which applications each user can access, how they can access them, and which actions each user is permitted to take in each app. SaaS and web application access may be restricted to specific IP addresses.
Some WAI solutions require dedicated software or agents to be installed on every device. Cloud-based solutions that require no endpoint agents are ideal, not only because they are more convenient but also because web app security is most essential for workers whose devices are unmanaged, like third-party contractors.
Meeting the OWASP Top 10
As globally recognized criteria for web application security, the OWASP Top 10 is an ideal framework for helping security leaders and operators understand and assess the WAI approach.
Below, I’ve concisely mapped the WAI approach, value proposition and benefits to best practices for the OWASP Top 10. By understanding the WAI approach in detail, you can see that the model deals with the primary areas of threat in an innovative way and that, hands down, WAI is a more valid approach to web security and application security than WAFs.
More powers to you Dr. Chase Cunningham
I support new ventures
2 years ago
Great contribution to a more secure web. Legacy security components do much harm by giving the illusion they still protect the enterprise.
CYBERSECURITY OVERSIGHT LEADER | Leader in Quantum, AI, and Zero Trust | Award-Winning International Author | Speaker
2 years ago
WAFs should die, but vulnerabilities still exist. The problem is that WAFs don't protect the product/service to the full extent that fixing the issues offers. It's a false sense of security. Almost as secure as police placing evidence tape on a crime scene. It doesn't stop the bad guys.