Does Web Application Firewall Software Really Work?

Surely, a lot of enterprise firewalls have been put into it, but Tencent T-SEC WE can help enterprises achieve their own security protection and become a leader in software.

With the rapid development of information technology and network applications, the types and numbers of web-based applications are also increasing. Various attack methods, such as SQL injection, cross-site scripting, and web page trojans, pose great threats to web applications and put forward higher requirements for the protection capabilities of web application firewalls.

DPtech WAF3000 series web application firewall provides a full range of security protection for web applications, and can provide corresponding protection strategies for pre-scanning, in-process attacks, web page tampering and information theft after the event, which fully protects the security of users' web applications and allows users to calmly deal with current web application threats.

Nowadays, there are a lot of web application firewalls, if you look at your requirements, there are basically two choices:

1. Imperva has high protection ability, medium and high performance, and average ease of use, this is a foreign brand, ** is very expensive, our school has used it for a period of time, and finally gave up on the problem of funding.

2. YXLINK WAF (Iridium Web Application Firewall), high protection capability, high performance (measured seems to be faster than Imperva), easy to use, this is a domestic brand, ** slightly higher than other domestic manufacturers, but just within our quota.

Another: We have tested a total of 7 at home and abroad, some of them go up and hang up directly, some of the cards are fatal, and the most important thing is that they can't prevent attacks, so I won't say the specific brand.

To make use of an internationally accepted statement:

In general, the Web Application Firewall has the following four major functions (refer to WAF Primer, with some deletions and adaptations).

The value of a web application-layer firewall.

1. Provide a secure web business environment.

Breaking through the limits of traditional security products, Web Application Firewall not only protects against known well-known vulnerabilities, but also provides in-depth and all-round protection against unknown vulnerabilities in private web application business systems.

2 Web service vulnerabilities are minimized.

Because the web application firewall can protect unknown web vulnerabilities, even if there are unknown vulnerabilities in the user's private web application system, they will not be exposed to the attacker's attack range.

3 Reduce web service costs.

According to the U.S. Department of Defense, there are usually 5 15 vulnerabilities in every 1,000 lines of web**, and it usually takes 2 to 9 hours to patch one vulnerability. For an organization with 1,000 servers, it was reported that it took $300,000 a week to find and patch vulnerabilities, and the investment was constantly increasing.

It can be seen that in order to provide secure and stable web services, users need to invest extra and huge investment.

Protection against various web attacks, such as SQL injection, XSS cross-site, CSRF, web backdoor, and other automatic attacks: such as brute-force cracking, credential stuffing, batch registration, automatic posting, and other HTTP and HTTPS protocol parsing and filtering, such as identification and parsing of different protocol versions, and protocol parameter length limitations.

Other common threats to the organization, such as crawlers, zero-day attacks, analysis, sniffing, data tampering, unauthorized access, sensitive information leakage, application-layer DDoS attack protection, remote malicious inclusion, hotlinking, scanning, etc.

Other management and auditing functions, such as security configuration, log analysis, report statistics, etc.

Some of the common features of a web application firewall are as follows. Patching web security vulnerabilities is the biggest headache for web application developers, and no one knows what kind of vulnerabilities will appear in the next second and what kind of harm will be brought to web applications. Now the WAF can do the work for us - with comprehensive vulnerability information, the WAF can block the vulnerability in less than an hour.

Of course, this way of masking vulnerabilities is not perfect, and not installing the corresponding patch is a security threat in itself, but in the absence of a choice, any protection is better than no protection at all.

Note: The principle of timely patching can be better suited for XML-based applications where the communication protocols are prescriptive. )

Rule-based protection and anomaly-based protection.

Rule-based protection provides security rules for a variety of web applications, and WAF producers maintain this rule base and update it from time to time. Users can follow these rules to detect all aspects of the app. Other products can build models based on legitimate application data and use this as a basis to determine anomalies in application data.

However, this requires a very thorough understanding of the user's enterprise application, which is very difficult in reality. WAF also has a number of security enhancements that can be used to address the problem of web programmers placing too much trust in input data. For example:

Hidden form field protection, anti-intrusion evasion technology, response monitoring, and information leakage protection.