The defender may also have vulnerabilities. The firewall is not omnipotent.

Source: Internet
Author: User

A firewall alone is no longer enough to protect online assets. Hackers and their attack strategies are becoming ever more sophisticated and dangerous. One of the major threats is the application-layer attack, which slips past the firewall and penetrates the Web application itself; many of these attacks target valuable customer data. Why can't a conventional firewall stop them? Because such attacks look like normal traffic: there are no unusually large packets and no suspicious mismatch between address and content, so no alarm is triggered. One of the most frightening examples is SQL injection. In this attack, the hacker uses one of your own HTML forms to query your database without authorization.

Another threat is command execution. As long as the Web application passes input to a shell, the hacker can execute commands on the server at will. Other attacks are simpler still: HTML comments often contain sensitive information, including logon details left behind by careless programmers. In short, application-layer attack methods, from tampering with cookies to modifying hidden fields in HTML forms, are limited only by the hacker's imagination.

The good news is that most of these attacks can be blocked. Two complementary measures, used together, provide a solid line of defense. First, use an application scanner to thoroughly scan your Web application and find its vulnerabilities. Then deploy a Web application firewall to keep intruders out.

An application scanner essentially launches a series of simulated attacks against your server and reports the results. KaVaDo ScanDo, Sanctum AppScan Audit, and SPI Dynamics offer comprehensive functionality for listing defects and recommending remediation. AppScan Audit is particularly worth noting because it includes a checking function that helps programmers catch vulnerabilities as they code. These toolkits, however, are no substitute for a thorough review by a security professional.

Once you have tried to close the vulnerabilities, the next step is to deploy the Web application firewall. This type of firewall works in an interesting way: it learns how normal traffic flows in and out of the application and then picks out the abnormal traffic. A WAF must therefore inspect packets far more deeply than an ordinary firewall does. Heck int is the best-known vendor in this area; others, such as KaVaDo, NetContinuum, Sanctum, and Teros, are less well known. Some of these firewalls are implemented in software, some in hardware, and some in both.

But do not mistake this type of firewall for a plug-and-play device, even the hardware versions. Like an intrusion detection system, a Web application firewall must be carefully tuned to reduce false positives and to stop attacks from slipping through.

With spam and ever more sophisticated attacks to contend with, if you think that installing a firewall settles the matter, think again about how you will deal with them.
