What is WAF (Web Application Firewall)?

A WAF is a cybersecurity tool that protects web applications.

“Firewall” means a “wall” protecting a computer system. Its function is to analyze passing traffic and decide whether to accept or reject it based on the information it has about that data.

There are both hardware and software WAFs. The latter are very light and do not alter the performance of the IT system, but they do not provide the high level of protection that the former do.

What attacks can they protect us from?

WAFs protect against all known web attacks, such as SQL Injection, Cross-Site Scripting, XML Injection, Remote Command Execution, and Remote File Inclusion.

How does this technology work?

The device analyzes the HTTP/HTTPS traffic passing through the web services we expose on the network and, using specific signatures, logical rules and whitelists/blacklists, decides whether that traffic is legitimate or malicious.

In the case of malicious traffic, the WAF will block it and notify the IT analysts with an alert.

Third generation of WAFs

We are currently in the third generation of WAFs, which relies on logic-based detection. This generation combines several techniques, including blacklisting, whitelisting, and packet analysis, to identify and logically categorize attacks. Thanks to this approach, the number of false positives is enormously reduced, and it becomes easier to reveal attacks that try to bypass the signatures present on the firewall.
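
The decision flow described under "How does this technology work?" and the combined third-generation approach, as an added example that is not code from any WAF product or from the original page. The policy values, parameter names and sample requests are constructed assumptions: a blacklist check, a per-parameter whitelist that prevents a false positive, and normalization before signature matching so that an encoded request still matches.

```python
import re
from urllib.parse import unquote_plus

BLACKLISTED_IPS = {"203.0.113.7"}  # all policy values below are constructed assumptions
WHITELIST = {  # (path, parameter) -> shape every legitimate value has
    ("/search", "q"): re.compile(r"[a-z0-9 ]{1,64}"),
    ("/item", "id"): re.compile(r"[0-9]{1,10}"),
}
SIGNATURES = {  # attack category -> pattern run against the normalized value
    "SQL Injection": re.compile(r"\bunion\b.*\bselect\b|'\s*or\s*'?\d"),
    "Cross-Site Scripting": re.compile(r"<\s*script|\bon\w+\s*="),
    "Remote File Inclusion": re.compile(r"^(?:https?|ftp)://"),
}
SAMPLES = [  # constructed requests: (source IP, path, parameters)
    ("198.51.100.4", "/search", {"q": "student union select committee"}),
    ("198.51.100.4", "/search", {"q": "%253CScRiPt%253E"}),
    ("203.0.113.7", "/item", {"id": "42"}),
]
alerts = []  # stands in for the alert sent to the IT analysts


def normalize(value):
    """Undo encodings used to slip past signatures: repeated URL-encoding, mixed case."""
    for _ in range(3):  # bounded re-decoding catches double URL-encoding
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return re.sub(r"\s+", " ", value).strip().lower()


def inspect(ip, path, params):
    """Return ("allow", None) or ("block", category); a block also records an alert."""
    category = "Blacklisted source" if ip in BLACKLISTED_IPS else None
    for name, raw in params.items():
        if category:
            break
        value = normalize(raw)
        allowed = WHITELIST.get((path, name))
        if allowed and allowed.fullmatch(value):
            continue  # known-good shape: skip signatures, avoiding a false positive
        category = next((c for c, s in SIGNATURES.items() if s.search(value)), None)
    if category:
        alerts.append({"ip": ip, "path": path, "category": category})
    return ("block", category) if category else ("allow", None)


if __name__ == "__main__":
    for request in SAMPLES:
        print(request, "->", inspect(*request))
```

The first sample would match the SQL Injection signature on its own; the whitelist entry for the search parameter is what lets it through.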

WAF and Cloud

The cloud focuses on the provision of services via the internet. The resources necessary to use the service are provided by the service vendor, so the client only has to install its application and use it.

The current market offers various cloud WAF solutions, all of which consist of providing web application monitoring services.
