Web Application Firewall

A web application firewall (WAF) is specialized software that inspects HTTP traffic destined for web applications. It adds a layer of protection against common, well-known classes of weakness such as SQL injection (SQLi), cross-site request forgery (XSRF), session management problems and similar issues.

A WAF needs to see plaintext HTTP; it cannot inspect encrypted HTTPS, so TLS must be terminated before the traffic reaches it. A WAF can be deployed as a standalone component or embedded in an existing one. A common embedded placement is inside a reverse proxy (load balancer) that already terminates TLS for other reasons, so the proxy hands decrypted HTTP to the WAF. Another option is to embed the WAF in the target application server itself, where the traffic has also been decrypted by that point. The proxy placement is usually preferable, because the WAF rules are then maintained in one place instead of on every target server.

Benefits of the web application firewall:

  • web application hardening (SQLi, XSRF, etc.)
  • virtual patching (a known vulnerability is blocked at the WAF immediately, without touching the target application, which can then be fixed on its own schedule)
  • HTTP traffic logging
  • real-time application security monitoring
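The benefits above can be seen together in a small WAF in front of a web application. The following is an added example written for this page, not code from any WAF product: a WSGI middleware that applies a few generic hardening rules to every request parameter, applies one narrowly scoped virtual patch, and writes one structured log line per request. The rule patterns, the hypothetical vulnerable endpoint (`/export` with a `file` parameter) and the client address are all constructed for illustration, and the regexes are far from a production rule set.

```python
import io
import json
import logging
import re
from urllib.parse import parse_qs

log = logging.getLogger("waf")

# Generic hardening rules applied to every query-string and form parameter.
# These patterns are illustrative assumptions, not a vetted production rule set.
GENERIC_RULES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s+'?\w+'?\s*=\s*'?\w+")),
    ("sqli-union", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ("sqli-stacked", re.compile(r"(?i);\s*(drop|delete|update|insert)\b")),
]

# Virtual patch for one hypothetical weakness in the protected app: the
# "file" parameter of /export is assumed vulnerable to path traversal. The
# application itself is untouched; the WAF rejects the bad input until the
# real fix ships. Scope is deliberately narrow (one path, one parameter).
VIRTUAL_PATCHES = [
    {"name": "vp-001-export-traversal", "path": "/export", "param": "file",
     "pattern": re.compile(r"\.\./|\x00")},
]


def inspect_request(path, params):
    """Return the name of the first rule that fires, or None if the request is clean.

    params is an iterable of (name, value) pairs from query string and form body.
    Virtual patches are checked first because they are the most specific rules.
    """
    for vp in VIRTUAL_PATCHES:
        if path == vp["path"]:
            for name, value in params:
                if name == vp["param"] and vp["pattern"].search(value):
                    return vp["name"]
    for name, value in params:
        for rule_name, rx in GENERIC_RULES:
            if rx.search(value):
                return rule_name
    return None


class WafMiddleware:
    """Wraps a WSGI app; the app only sees requests that passed inspection."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        params = []
        qs = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        params.extend((k, v) for k, vs in qs.items() for v in vs)
        # Read a urlencoded body once, inspect it, then replay it to the app.
        if environ.get("CONTENT_TYPE", "").startswith("application/x-www-form-urlencoded"):
            length = int(environ.get("CONTENT_LENGTH") or 0)
            body = environ["wsgi.input"].read(length)
            environ["wsgi.input"] = io.BytesIO(body)
            form = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
            params.extend((k, v) for k, vs in form.items() for v in vs)
        verdict = inspect_request(path, params)
        # HTTP traffic logging / monitoring hook: one structured line per request.
        log.info(json.dumps({"client": environ.get("REMOTE_ADDR"),
                             "method": environ.get("REQUEST_METHOD"),
                             "path": path, "rule": verdict}))
        if verdict:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked by WAF\n"]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the protected application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from the protected application\n"]


protected = WafMiddleware(demo_app)


def send(app, method, path, query="", body=b""):
    """Drive a WSGI app with a constructed request; returns (status, body_bytes)."""
    environ = {
        "REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
        "REMOTE_ADDR": "203.0.113.5",  # constructed client address
        "wsgi.input": io.BytesIO(body), "CONTENT_LENGTH": str(len(body)),
        "CONTENT_TYPE": "application/x-www-form-urlencoded" if body else "",
    }
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    out = b"".join(app(environ, start_response))
    return captured["status"], out


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    print(send(protected, "GET", "/search", "q=shoes"))
    print(send(protected, "GET", "/search", "q=' OR '1'='1"))
    print(send(protected, "POST", "/export", body=b"file=../../etc/passwd"))
```

Note how the virtual patch only fires for the one path and parameter it was written for; the same traversal string sent to another endpoint is judged by the generic rules alone. That narrow scope is what keeps a virtual patch from becoming a source of false positives across the whole application.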

Challenges of the web application firewall:

  • Performance impact on the web server (CPU and memory) and added round-trip latency between request and response. The impact cannot be stated in general; it has to be measured for the specific deployment, and it depends on which features are enabled, since each inspection feature trades some speed for functionality.