Web Application Firewall - site protection against hacker attacks
Web Application Firewall is an application-level firewall designed to detect and block modern attacks on web applications, including attacks that exploit zero-day vulnerabilities:
Cross-Site Scripting (XSS);
Cross-Site Request Forgery (CSRF);
Remote File Inclusion (RFI);
Local File Inclusion (LFI);
Auth Bypass - authentication and authorization bypass;
Insecure Direct Object Reference - insecure direct object references;
Brute force - password guessing.
The main purpose of a WAF is to protect a web application from unauthorized access even when the application contains critical vulnerabilities. Today the high value of the information processed by web applications, coupled with the threat of hacking, increases companies' information security risks. Under these conditions a natural question arises: what should be done to protect web applications? Countermeasures can be applied at two stages of an application's life cycle: development and operation. At the development stage these are various security testing tools: static, dynamic and interactive analysis. For an application that is already in operation, overlay protection is proposed: intrusion prevention systems, next-generation firewalls (NGFW), and application-level traffic filtering tools targeted specifically at web applications (Web Application Firewall, WAF). The Web Application Firewall is traditionally considered the most effective approach to protecting web resources; one fundamental factor here is that it is a highly specialized, purpose-built product.
General requirements for a modern Web Application Firewall:
WAF system components must comply with PCI DSS requirements;
ability to respond to the threats described in the OWASP Top Ten;
inspection of requests and responses in accordance with the security policy, with event logging;
data leakage prevention: inspection of server responses for critical data;
use of both positive and negative security models;
inspection of the entire content of web pages, including HTML, DHTML and CSS, as well as the underlying content delivery protocols (HTTP/HTTPS);
inspection of web service messages (SOAP, XML) if the web service is exposed to the Internet;
inspection of any protocol or data format used to transfer web application data, whether proprietary or standardized, for both inbound and outbound data streams;
protection against threats directed at the WAF itself;
support for SSL/TLS connection termination;
prevention or detection of session identifier forgery;
automatic download and application of attack signature updates;
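As an added illustration (not code from this page or from any WAF product), here is a minimal Python inspection step that applies the negative and positive security models from the list above to one request and then checks the server response for critical data. The signatures, the policy for the two hypothetical endpoints /login and /profile, and the leak patterns are constructed assumptions.

```python
import re

# Negative security model: signatures for known attack patterns (constructed, illustrative;
# a production WAF ships far more and updates them automatically, as the requirements list says).
NEGATIVE_SIGNATURES = {
    "xss": re.compile(r"<\s*script|\bon\w+\s*=", re.I),
    "lfi": re.compile(r"\.\./|/etc/passwd", re.I),
    "rfi": re.compile(r"^(https?|ftp)://", re.I),
}

# Positive security model: per-endpoint allowlist of parameters and their expected shape
# (assumed policy for two hypothetical endpoints). A value that matches no signature is still
# rejected if it is not what the endpoint expects, which is what covers attacks with no signature yet.
POSITIVE_POLICY = {
    "/login": {"user": re.compile(r"[a-z0-9_]{3,32}"), "password": re.compile(r".{8,128}")},
    "/profile": {"id": re.compile(r"[0-9]{1,9}")},
}

# Data leakage prevention: critical data a server response must never carry (constructed patterns).
LEAK_PATTERNS = {
    "card_number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "stack_trace": re.compile(r"Traceback \(most recent call last\)"),
}

def inspect_request(path: str, params: dict) -> list:
    """Return the list of policy violations for one request; an empty list means 'allow'."""
    reasons = []
    # Negative model first: every parameter value is matched against every signature.
    for key, value in params.items():
        for name, sig in NEGATIVE_SIGNATURES.items():
            if sig.search(value):
                reasons.append(f"negative:{name}:{key}")
    # Positive model second: unknown endpoints, unexpected parameters and ill-formed values are violations.
    policy = POSITIVE_POLICY.get(path)
    if policy is None:
        reasons.append("positive:unknown_path")
    else:
        for key, value in params.items():
            rule = policy.get(key)
            if rule is None:
                reasons.append(f"positive:unexpected_param:{key}")
            elif not rule.fullmatch(value):
                reasons.append(f"positive:bad_value:{key}")
    return reasons

def inspect_response(body: str) -> list:
    """Return the leak findings for one outbound response; empty means the response may be sent."""
    return [f"leak:{name}" for name, pat in LEAK_PATTERNS.items() if pat.search(body)]
```

The positive model is what blocks a request whose value matches no signature at all (for example a non-numeric id on /profile), which is why the list above asks for both models rather than signatures alone.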