How Web application firewall provides protection for customers

What is Web application firewall?

Web application firewall is designed to protect web-based applications. Unlike traditional firewalls, it monitors and blocks data packets based on internet addresses and port numbers. A standard port number corresponds to a network application type. For example, telnet receives packets sent to port 23, and the mail server receives packets sent to port 25.

The traditional firewall allows data to be sent to the corresponding Internet address of the email server, so that data packets can be sent to the destination through port 25. Sending data packets to an Internet address or port 25 of the email server system is an attack. The firewall blocks these packets.

The Web server should transmit data packets through port 80. Therefore, all data packets sent to support port 80 of the web server system must be allowed to pass through the firewall. Traditional firewalls cannot determine whether a packet whose address points to the correct address contains threats. However, Web application firewall can carefully check the packet content to detect and prevent threats.

How can Web applications be attacked?

Hackers constantly develop new methods to gain unauthorized Web application access, but there are also some common technologies.

SQL Injection: Some Applications create database queries by copying Web client input. Hackers construct strings that are not carefully checked and rejected by some applications to obtain the returned confidential data.

Cross-site Scripting: a hacker inserts script code (such as JavaScript or ActiveX) into an input string, causing information such as the user name and password to be leaked on the Web server.

Operating System Command Injection: Some applications use web Input to create operating system commands, just like accessing a file and displaying the file content. If the input string does not have a careful check mechanism, hackers can create input to display unauthorized data, modify files or system parameters.

Session hijacking: hackers obtain the right to log on to a session by guessing the content of the session Token Based on the token format knowledge. This allows hackers to take over sessions and obtain the original user account information.

Tampered parameters or urls: web applications usually embed parameters and URLs in the returned web pages, or use authorized parameters to update the cache. Hackers can modify these parameters, URLs, or caches so that the Web server returns information that should not be leaked.

Buffer overflow: the application code should check the length of the input data to ensure that the input data does not exceed the remaining buffer and modify adjacent storage. Hackers will soon find that the application does not check for overflow and create input to cause overflow.

This article introduces how WAF provides protection for customers. Next, we will continue to introduce how WAF provides protection for customers.

1. Web applications and Web Application Firewall
2. What can we do to save the increasing security of Web applications?
3. Network security product review for Web applications and Web application firewalls