What Is A Web Application Firewall (WAF)

In the world of cybersecurity, Web Application Firewalls (WAFs) are like strong shields that protect websites from online dangers. This look into FortiWeb, a powerful tool for web safety, helps you understand WAFs better. We'll explore what WAFs do and how FortiWeb adds extra security to websites. This information will help you make your websites safer from online threats.


What is a WAF and how does it work?

A WAF (Web Application Firewall) is a firewall that monitors, filters and blocks HTTP traffic between a web application and the internet.

It works by analyzing HTTP conversations (mainly GET and POST requests) and applying a set of policies to decide whether the traffic is allowed through. It has three methods to classify traffic as safe or malicious:

1. Whitelisting (Negative security model): the WAF holds a list of pre-approved IP addresses known to be safe; a request from one of these addresses is allowed through, and any other request is blocked.

  • Advantages: whitelisting is less resource-intensive, and it can block new or unknown attacks.
  • Downsides: it could block safe traffic, and it is imprecise.

2. Blacklisting (Positive security model): it is based on up-to-date signatures for known vulnerabilities that define what traffic the WAF denies. It is a list of rules that identify malicious packets.

  • Advantages: it is easier to implement.
  • Downsides: it is more resource-intensive, and it might let a malicious packet go through.

3. Hybrid security: it uses elements of both blacklisting and whitelisting at the same time.
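The three decision models above, as an added example that is not part of the original article and not FortiWeb's own code: a small policy engine that classifies a request by source (whitelist), by signature (blacklist), or by both (hybrid). The allowlist, the three signature rules and the sample requests are constructed for the example; the hybrid policy shown here (unknown sources refused, pre-approved sources still inspected) is one reasonable reading of "elements of both", not a vendor definition.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed policy for this example (hypothetical; not FortiWeb's own format).
# Whitelist: sources that are pre-approved.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]

# Blacklist: signatures for well-known malicious input patterns, applied to the
# path, query string, body and header values. Real rule sets are far larger.
SIGNATURES = [
    ("sqli_tautology", re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("xss_script_tag", re.compile(r"(?i)<\s*script\b")),
    ("path_traversal", re.compile(r"\.\./")),
]


@dataclass
class HttpRequest:
    """The parts of an HTTP request a WAF inspects."""
    client_ip: str
    method: str
    path: str
    query: str = ""
    body: str = ""
    headers: Dict[str, str] = field(default_factory=dict)


def in_allowlist(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def match_signatures(req: HttpRequest) -> List[str]:
    """Names of the blacklist rules the request triggers (empty if none)."""
    fields = [req.path, req.query, req.body, *req.headers.values()]
    return [name for name, rx in SIGNATURES if any(rx.search(f) for f in fields)]


def decide(req: HttpRequest, mode: str) -> Tuple[str, str]:
    """Apply the chosen security model and return (verdict, reason)."""
    trusted = in_allowlist(req.client_ip)
    if mode == "whitelist":
        # Only the source matters; the payload is never inspected.
        return ("ALLOW", "source pre-approved") if trusted else ("BLOCK", "source not pre-approved")
    hits = match_signatures(req)
    if mode == "blacklist":
        # Only the payload matters; any source is accepted unless a rule fires.
        return ("BLOCK", "signature: " + ", ".join(hits)) if hits else ("ALLOW", "no signature matched")
    if mode == "hybrid":
        # Both gates must pass: unknown sources are refused, and pre-approved
        # sources are still inspected so a compromised trusted host is caught.
        if not trusted:
            return ("BLOCK", "source not pre-approved")
        return ("BLOCK", "signature: " + ", ".join(hits)) if hits else ("ALLOW", "trusted source, no signature matched")
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    # Constructed sample traffic: two trusted-source requests, two from an unknown source.
    samples = [
        HttpRequest("10.1.2.3", "GET", "/index.html"),
        HttpRequest("203.0.113.9", "GET", "/search", query="q=' OR '1'='1"),
        HttpRequest("10.1.2.3", "POST", "/comment", body="text=<script>alert(1)</script>"),
        HttpRequest("203.0.113.9", "GET", "/about"),
    ]
    for mode in ("whitelist", "blacklist", "hybrid"):
        for req in samples:
            print(mode, req.client_ip, req.method, req.path, decide(req, mode))
```

Running it shows the trade-offs the list describes: the whitelist lets the script-tag request through because it comes from a trusted address, the blacklist lets the unknown source through as long as no rule fires, and only the hybrid mode blocks both.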


A WAF operates as a reverse proxy, so the server is never exposed directly: clients are routed through the WAF before they reach the server.

There are three types of WAF solutions:

1- Network-based WAF:

  • Hardware-based and local installation to reduce latency.
  • Highest cost due to physical equipment and maintenance.
  • Offers robust protection but comes with a significant expense.

2- Host-based WAF:

  • Integrated into application software, cost-effective compared to network-based WAF.
  • Offers customization but consumes local server resources.
  • Implementation and maintenance complexities may incur additional costs.

3- Cloud-based WAF:

  • Affordable and easy to implement: a simple DNS redirection.
  • Minimal upfront cost, paid monthly/annually as a service.
  • Automatically updated protection against latest threats.
  • Relinquishes control to a third party, potentially limiting understanding of WAF features.

What is FortiWeb?

“FortiWeb defends web applications and APIs against OWASP Top-10 threats, DDOS attacks, and malicious bot attacks. Advanced ML-powered features improve security and reduce administrative overhead. Capabilities include anomaly detection, API discovery and protection, bot mitigation, and advanced threat analytics to identify the most critical threats across all protected applications.” [1]

FortiWeb addresses the key challenges that organizations face when deploying Internet-facing web applications:

1- Web application protection:

Against OWASP Top-10 attacks and DDOS attacks, it uses a two-layer machine learning model: the first layer checks whether a request is an anomaly, and the second checks whether that anomaly is an attack, which eliminates noise samples and reduces false positives. It also continually updates its attack signatures and detection algorithms.

2- Bot mitigation:

Your web application interacts with both benign and malicious bots; the challenge is to differentiate between them without impacting the performance of the web services.

For that, FortiWeb offers features such as:

  • Bot Deception: it embeds hidden links in the HTML responses from a protected web server; these links are invisible to regular users but attract malicious bots such as web crawlers. When a bot follows a hidden link, FortiWeb detects it, logs the interaction and applies the configured security action, while legitimate users are unaffected.
  • Biometrics-based detection: it monitors user events such as mouse movement, keyboard input, screen touch and scrolling.
  • Threshold-based detection: it identifies various scan types using thresholds such as occurrence count, time period, etc.
  • Mobile application identification: it verifies the JWT token that a mobile application carries when it accesses a web server. This is particularly valuable for mobile clients that cannot execute JavaScript or complete CAPTCHA challenges.
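Bot Deception and threshold-based detection, as an added example that is not part of the original article and not FortiWeb's implementation: a decoy link is injected into outgoing HTML, and a log analysis then flags any client that requested the decoy path, plus any client that produced more than a threshold of 404 responses inside a sliding time window. The decoy path, the log format and the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Hypothetical decoy path (constructed); a real deployment would pick a non-guessable one.
DECOY_PATH = "/archive/catalog-2019.html"
DECOY_LINK = (f'<a href="{DECOY_PATH}" style="display:none" rel="nofollow" '
              'aria-hidden="true">archive</a>')


def inject_decoy_link(html: str) -> str:
    """Insert the hidden anchor just before </body>; browsers never render it,
    but a crawler that follows every href will request it."""
    if "</body>" in html:
        return html.replace("</body>", DECOY_LINK + "</body>", 1)
    return html + DECOY_LINK


# Constructed log format: ip [ISO timestamp] "METHOD path HTTP/x" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')


def parse_log(lines: List[str]) -> List[dict]:
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # lines that do not match the format are skipped
            entries.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
                            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")})
    return entries


def decoy_visitors(entries: List[dict]) -> List[str]:
    """Deception check: a client that requested the hidden link is a bot."""
    return sorted({e["ip"] for e in entries if e["path"] == DECOY_PATH})


def threshold_scanners(entries: List[dict], max_404: int = 5,
                       window: timedelta = timedelta(seconds=60)) -> List[str]:
    """Threshold check: more than max_404 'not found' responses inside any
    sliding window of the given length marks the client as a scanner."""
    by_ip = defaultdict(list)
    for e in entries:
        if e["status"] == 404:
            by_ip[e["ip"]].append(e["ts"])
    flagged = []
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 > max_404:
                flagged.append(ip)
                break
    return sorted(flagged)


def classify_bots(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged client IP to the reasons it was flagged."""
    entries = parse_log(lines)
    verdict = defaultdict(list)
    for ip in decoy_visitors(entries):
        verdict[ip].append("decoy_link")
    for ip in threshold_scanners(entries):
        verdict[ip].append("404_threshold")
    return dict(verdict)


# Constructed sample log: one normal user, one scanner, one crawler that only hits the decoy.
SAMPLE_LOG = [
    '203.0.113.20 [2024-05-01T10:00:00] "GET / HTTP/1.1" 200',
    '203.0.113.20 [2024-05-01T10:00:04] "GET /products HTTP/1.1" 200',
    '203.0.113.20 [2024-05-01T10:00:09] "GET /old-page HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:00] "GET / HTTP/1.1" 200',
    '198.51.100.7 [2024-05-01T10:01:01] "GET /archive/catalog-2019.html HTTP/1.1" 200',
    '198.51.100.7 [2024-05-01T10:01:02] "GET /probe-1 HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:03] "GET /probe-2 HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:04] "GET /probe-3 HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:05] "GET /probe-4 HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:06] "GET /probe-5 HTTP/1.1" 404',
    '198.51.100.7 [2024-05-01T10:01:07] "GET /probe-6 HTTP/1.1" 404',
    '192.0.2.44 [2024-05-01T10:05:00] "GET /archive/catalog-2019.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(inject_decoy_link("<html><body><p>Welcome</p></body></html>"))
    print(classify_bots(SAMPLE_LOG))
```

The two checks are independent on purpose: the decoy catches crawlers that behave politely in every other respect, while the threshold catches clients that never saw the decoy page but hammer non-existent paths.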

3- FortiWeb API protection:

In traditional web applications the processing takes place on the server itself and the client's browser just renders the HTML. This model is being replaced by API-based applications that rely on more powerful clients to process raw data, which gives better overall performance and user experience.

This expands your attack surface and creates more vulnerabilities. To protect against that, FortiWeb provides the following features:

  • API Gateway: used to control and secure all access to your APIs, by defining API users, verifying API keys, performing access control and so on.
  • Mobile API protection: FortiWeb verifies the authenticity of mobile devices to protect mobile APIs from malicious attacks.
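The two API-protection features above, as an added example that is not part of the original article and not FortiWeb's code: a gateway that identifies an API user by its API key (stored hashed, compared in constant time), enforces per-route scopes, and verifies the HS256-signed JWT a mobile client carries, rejecting unexpected algorithms, bad signatures, expired tokens and tokens minted for a different app. The key store, route table, secret, app name and token issuer are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# --- API key verification and access control --------------------------------
# Constructed gateway state (hypothetical): keys are stored hashed, each with
# the API user it identifies and the scopes that user may call.
def _hash_key(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()


API_KEYS = {
    _hash_key("demo-key-ops-1234"): {"user": "ops-dashboard", "scopes": {"read:orders", "read:inventory"}},
    _hash_key("demo-key-partner-5678"): {"user": "partner-app", "scopes": {"read:orders"}},
}

# Which scope each published route requires; unpublished routes are refused.
ROUTE_SCOPES = {
    ("GET", "/api/orders"): "read:orders",
    ("POST", "/api/orders"): "write:orders",
    ("GET", "/api/inventory"): "read:inventory",
}


def lookup_api_key(presented: str) -> Optional[dict]:
    digest = _hash_key(presented)
    for stored, record in API_KEYS.items():
        if hmac.compare_digest(stored, digest):  # constant-time comparison
            return record
    return None


def authorize(method: str, path: str, api_key: Optional[str]) -> Tuple[int, str]:
    """Gateway decision for one API call: (HTTP status, reason)."""
    record = lookup_api_key(api_key) if api_key else None
    if record is None:
        return 401, "missing or unknown API key"
    needed = ROUTE_SCOPES.get((method, path))
    if needed is None:
        return 404, "route not published through the gateway"
    if needed not in record["scopes"]:
        return 403, f"{record['user']} lacks scope {needed}"
    return 200, f"{record['user']} allowed"


# --- Mobile client identification via a signed JWT (HS256) ------------------
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_mobile_token(secret: bytes, app_id: str, now: int, ttl: int = 600) -> str:
    """Mint the token a mobile app carries (done by the app vendor's backend)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"app": app_id, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_mobile_token(secret: bytes, token: str, expected_app: str, now: int) -> Tuple[bool, str]:
    """Gateway-side check: structure, algorithm pin, signature, expiry, app identity."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON (binascii.Error is a ValueError)
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's own choice
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"  # checked before the payload is trusted
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        return False, "expired"
    if payload.get("app") != expected_app:
        return False, "wrong app"
    return True, "ok"


if __name__ == "__main__":
    print(authorize("GET", "/api/orders", "demo-key-ops-1234"))
    print(authorize("GET", "/api/inventory", "demo-key-partner-5678"))
    secret = b"constructed-shared-secret"
    tok = issue_mobile_token(secret, "shop-android", now=1_700_000_000)
    print(verify_mobile_token(secret, tok, "shop-android", now=1_700_000_100))
```

The order of checks in the verifier is the point: the algorithm is pinned and the signature is validated before any claim in the payload is read, so an attacker cannot influence the decision by editing the unsigned parts of a token.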


In conclusion, Web Application Firewalls (WAFs) like FortiWeb play a vital role in cybersecurity by safeguarding websites against online threats. FortiWeb's robust features, from anomaly detection and bot mitigation to API protection, enhance web safety. By employing diverse methods such as whitelisting, blacklisting, and hybrid security, FortiWeb provides a multi-layered defense, reinforcing the security posture of web applications. In an ever-evolving digital landscape, FortiWeb stands as a stalwart guardian, equipping organizations with the tools needed to bolster their online defenses and counter a range of potential vulnerabilities effectively.


By: Karim Abdelkader Belhadj

