How to Protect Web Applications From Hackers

In recent years, government agencies and commercial organizations have increasingly come to rely on web applications. But as the number of web applications has grown, so have the cyber threats aimed at them, and companies have begun to pay closer attention to information security.

Indeed, hacker attacks are becoming more ambitious, and therefore more damaging. According to a report from the research firm Forrester, three sectors are the most vulnerable: government agencies, retail and technology.

Companies operating in these areas are very attractive to fraudsters because they handle large amounts of users' personal data.

Large international initiatives aim to protect personal data; for all companies that work with European users, the relevant one is the GDPR. Violations of the rules established by the GDPR incur significant fines, so companies are doubly interested in protecting their clients' data reliably, if only to avoid those costs.

The scale of information security threats
Some facts about the situation in the field of information security:
  • Hacker attacks happen every 39 seconds.
  • The scale of DDoS attacks increased on average by more than 500%.
By 2021, annual spending on cybersecurity around the world is expected to reach over 1 trillion dollars, while the cost of cybercrime by then will have risen to 6 trillion per year.

Many people may still remember the viral spread of Petya and WannaCry, which encrypted all the files on a computer and threatened to destroy them unless a ransom was paid. Some experts concluded that the ultimate goal of these viruses was not so much the ransom as a massive system failure, because that causes the company far greater losses, which plays into the hands of its competitors.

The absence of uniform standards in web programming leads to faults and vulnerabilities in software development, which a hacker will not fail to exploit for profit. This, in turn, leads to costs for the company: leaks of confidential data, theft of intellectual property, delayed business processes and reputational losses.

WAF – protection of web applications from cybercriminals

However, every action gives rise to a counteraction. Attack prevention calls for a comprehensive approach that is observed throughout the entire life cycle of the web application. During development, special attention should be paid to testing and ethical hacking, which help to identify and eliminate the key vulnerabilities. During operation, the application must be guarded by dedicated protection tools; an installed antivirus and firewall will not be enough to save it.

Two kinds of firewall are usually used as sword and shield for intrusion prevention and traffic filtering: the next-generation firewall (NGFW) and the web application firewall (WAF). The difference between them is that an NGFW controls the access of external applications to enterprise data, whereas a WAF protects the applications on internal servers by analyzing the data transmitted over HTTP and HTTPS. It is the WAF that can perform an in-depth analysis of packet content and take into account the structure of web applications, which provides real-time protection and monitoring of applications and the ability to block both known attacks and zero-day attacks.

Features of WAF technology

  • Maximizes the detection rate for known and unknown threats;
  • Minimizes false alerts (false positives) and adapts to constantly evolving web applications;
  • Distinguishes automated traffic from real users and applies appropriate controls to each traffic category;
  • Enables deeper analysis and wider deployment thanks to ease of use and minimal impact on performance;
  • Automates the incident response workflow to help web application security analysts;
  • Protects both public-facing and internally used web applications and APIs.

Compare 7 WAF leaders of the Gartner Magic Quadrant by characteristics

Numerous WAF solutions on the market cater to every whim. To choose a product ideally suited to your company, you should pay attention to the functionality, as different vendors offer slightly different services. Below is an overview of the market leaders in WAF software solutions, appliances and cloud services, as defined by the Magic Quadrant for Web Application Firewalls in 2018. More detailed information about them can be found in the WAF comparison table on ROI4CIO, where you can compare 28 WAFs by 32 characteristics.

In this review, we will try to highlight the main properties and advantages of the 7 most popular of them.

Akamai Kona Web Application Firewall

Akamai's Kona Web Application Firewall (a cheaper, trimmed-down version of Kona Site Defender) is suitable for customers who need a cloud WAF service, especially when they are already using Akamai as a CDN. It is a relatively expensive product, though, developed by a 7,500-strong Cambridge company whose development team deals exclusively with the security of web applications.

Akamai provides a managed SOC capable of tracking incidents. The vendor applies automatic analytics and sorting to all the traffic it processes, so that customers can set up their own signatures and collect threat information to create new means of protection.

Since Akamai's WAF is available only as a cloud service, it will not be the answer for organizations that simply dislike cloud security solutions, or whose evaluations determine that compliance and regulatory restrictions rule it out.

Kona Web Application Firewall from Akamai on the site of the vendor

Barracuda Web Application Firewall

Barracuda Web Application Firewall is a comprehensive system designed to secure web applications and sites for medium-sized businesses. The product is a powerful deterrent against attackers who exploit vulnerabilities in protocols or applications for data theft, service disruption or website defacement. The vendor offers the WAF line as physical or virtual appliances, and it is also available on the Microsoft Azure, AWS and Google Cloud Platform (GCP) platforms. With the release of the WAF 1060, Barracuda now supports bandwidths of up to 10 Gbps.

Barracuda remains one of the best WAFs on Microsoft Azure. Barracuda Cloud WAF, as a service, includes DDoS protection at no extra charge. Customers rate its technical support highly.

Users rate the interface as user-friendly. And here is good news for Russian speakers: the Barracuda WAF has not only an English but also a Russian interface.

The Barracuda product can protect against the following attacks: SQL injection, cross-site scripting (XSS), session forgery and buffer overflow; it also prevents information theft by monitoring all outgoing data for leaks of sensitive information (bank account numbers, personal user information, passwords and so on).
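The inspection a WAF performs on HTTP traffic, as described above (signature matching on request parameters and monitoring of outgoing data), can be illustrated with a small model. The following Python is an added example written for this article, not Barracuda's code; the signatures, sample requests and the card number are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed signature set for this example; a product ships far larger rule
# sets and tunes them to limit false positives on legitimate traffic.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table\b|--\s*$)"),
    "xss": re.compile(r"(?i)(<\s*script\b|javascript\s*:|\bon[a-z]+\s*=)"),
}

def decode(value: str) -> str:
    """URL-decode repeatedly so a double-encoded payload (%253C for '<') is seen as the app will see it."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(query: str, body: str = "") -> dict:
    """Negative security model: match every decoded parameter value in the query
    string and form body against the signatures; report the first rule that fires."""
    for source, raw in (("query", query), ("body", body)):
        for name, value in parse_qsl(raw, keep_blank_values=True):
            value = decode(value)
            for rule, pattern in SIGNATURES.items():
                if pattern.search(value):
                    return {"action": "block", "rule": rule, "param": name, "where": source}
    return {"action": "allow"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

PAN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def inspect_response(body: str) -> tuple:
    """Outbound leak check: mask card-number-like digit runs that pass Luhn
    before the response leaves. Returns (masked body, number of values masked)."""
    masked = 0
    def mask(match):
        nonlocal masked
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_ok(digits):
            masked += 1
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group(0)
    return PAN.sub(mask, body), masked
```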

The system administrator can detect DoS and DDoS attacks in a timely manner thanks to a special function that monitors the data rate. A powerful built-in antivirus scans any data and files uploaded to the system for malware.

Barracuda Web Application Firewall is fully compatible with the most common authentication systems (Active Directory, eDirectory) that support LDAP and RADIUS. In addition, it has a two-factor authentication feature: the system supports user authenticators and tokens (RSA SecurID) to ensure reliable protection of client authentication.

Barracuda Web Application Firewall on the vendor's website

Barracuda Web Application Firewall Cost Calculator

Cloudflare WAF

Cloudflare's enterprise-class cloud web application firewall (WAF) protects web applications from common vulnerabilities such as SQL injection attacks, cross-site scripting and cross-site request forgery, without changes to the existing infrastructure. Relatively inexpensive service plans are convenient for small companies, and more expensive individual Enterprise plans are available for large companies. The company's self-service model allows customers to customize configurations quickly and easily using wizards, so customers highly appreciate the ease of maintenance.

Cloudflare (San Francisco, 700 employees) offers DDoS protection and CDN services. Cloudflare is a provider with a bandwidth of 15 Tbps and 152 data centers around the world. This infrastructure not only supports high-performance applications, but also provides the most advanced protection.

The recent update of Cloudflare Workers allows customers to host web applications on Cloudflare's infrastructure, which should be attractive to small organizations. The provider also supplies an easily accessible “I'm under attack” button, which automatically switches on a set of protections and is convenient for emergency response.

Cloudflare offers its WAF only as a cloud service. For organizations with restrictions on cloud services, and for those that require on-premises physical or virtual appliances, the product is not suitable.

Cloudflare WAF on the site of the vendor

Citrix NetScaler Application Firewall

Citrix NetScaler AppFirewall is a good choice for Citrix customers who value high-performance WAF appliances. NetScaler Web App Firewall is designed for the public sector and for large and medium-sized businesses, owing to NetScaler's ability to scale applications for large organizations. NetScaler Web App Firewall is supplied both as a virtual machine and as a hardware appliance, and is also available as a cloud service.

NetScaler's TLS decryption capabilities and its integration with Thales and SafeNet hardware security modules (HSMs) are often key criteria in evaluations that look to the future, when an organization plans further growth.

Citrix (CTXS, Santa Clara, Calif., more than 9,600 personnel) is developing a NetScaler ADC portfolio that includes hardware (MPX), software (VPX), container (CPX) and multi-instance (SDX) editions. All of these ADC options offer the WAF (NetScaler AppFirewall) and SSL VPN as modules. The WAF is also available as a standalone product.

Citrix mainly sells AppFirewall as an add-on to customers who are primarily interested in its ADC features or high-performance environments. The bandwidth of the Citrix Web Application Firewall ranges from 500 Mbps to 44 Gbps.

Customers appreciate the support they receive from system integrators and service providers. They also appreciate the improvements in manageability through the API. Most Citrix clients use NetScaler AppFirewall as a software option on top of their physical ADC appliance.

NetScaler Application Firewall by Citrix protects against SQL injection attacks, XSS, modification of read-only (hidden) parameters and other attacks. It comes with a data leak prevention function that prevents theft of credit card data and other confidential information, filtering and blocking the transmitted information as needed.

F5 Networks Silverline Web Application Firewall

The F5 WAF is mainly used as a software option, Application Security Manager (ASM), integrated into the F5 Big-IP platform. F5 (Seattle, WA, 4,300 employees) is known for its ADC product lines (Big-IP and Viprion). The F5 Big-IP hardware line can also run a limited (but upgradable) edition of the full software that acts as a standalone security solution (for example, a standalone WAF).

Under the Silverline brand, F5 provides cloud-based WAF and DDoS protection. Two service options are available: Silverline Managed WAF and the self-service WAF Express, with a threat analysis add-on (Silverline Threat Intelligence). All Silverline services rely on Big-IP technology.

Silverline WAF protects applications against attacks based on SQL injection, zero-day attacks, JSON attachments, the OWASP Top Ten, etc. An important advantage of Silverline WAF is an automatic self-learning feature that uses the iRules and iApps technologies for real-time reconfiguration to meet the specifics of new threats.

F5 supports AWS, Azure, Google Cloud, OpenStack and VMware Cloud. Unified multicloud management appeals to organizations building hybrid architectures.

Silverline WAF offers 24×7 support by security experts. The product reduces operating costs by using the dedicated resources of the F5 Networks Security Center to manage WAF policies. The integrated proactive monitoring feature from F5 Networks employs external specialised solutions to protect applications against new attacks. The solution generates access reports through the customer portal.

F5 Networks Silverline Web Application Firewall on vendor website

Fortinet FortiWeb

Fortinet FortiWeb, the web application firewall from Fortinet (Sunnyvale, California, 5,000 employees, about 1,000 of them in R&D), is aimed at medium and large-sized businesses, as well as Internet service providers.

The product is delivered as a hardware or virtual appliance, as well as a cloud service. With support from the FortiGuard Labs security team, FortiWeb protects against the latest application vulnerabilities, bots and suspicious URLs. In addition, thanks to two threat detection mechanisms built on AI-based machine learning and statistical probabilities to detect anomalies and isolated threats, web applications are protected against complex cyber risks: SQL injection, cross-site scripting, buffer overflow, malicious cookie modification, known threat sources and DoS attacks.

FortiWeb is available as a physical or virtual (FortiWeb-VM) appliance (eight models, from 25 Mbit/s to 20 Gbit/s), as well as FortiWeb Cloud on the AWS and Azure IaaS platforms, which has made the product accessible to medium-sized businesses.

FortiWeb subscriptions include IP address reputation, antivirus, security updates (signatures and machine learning models), credential protection and cloud-based sandbox software (FortiSandbox). FortiWeb is a good choice for protecting file-sharing services, as it offers extensive capabilities and integration for malware detection, and can also integrate with Fortinet sandbox solutions.

Full compatibility among all Fortinet products allows the system to be scaled up or down quickly and easily. The high degree of automation of operations and the simplicity of their support reduce the number of human errors. This also allows the information security department's staff to be downsized.

Fortinet FortiWeb on the vendor site

Imperva SecureSphere Web Application Firewall

Imperva WAF solutions are designed for use in the public sector, as well as in large and medium-sized businesses. SecureSphere can be supplied as a physical or virtual appliance. It is also available as a cloud service, Incapsula WAF, on AWS and Microsoft Azure. Imperva (Redwood Shores, California) also offers managed rulesets for AWS WAF.

The maximum supported bandwidth of the highest-end model is up to 10 Gbps. In addition to HTTP/HTTPS, it supports the WebSockets, XML and JSON web standards. The products are interesting in that they use several cyberdefense technologies at once: monitoring protocols for abnormal behavior, dynamic profiling, signature-based analysis and session tracking. Customers rate the support for all Imperva products highly.

Imperva WAF is made up of two basic modules:
  • SecureSphere Web Application Firewall, which protects web applications against cyber attacks;
  • ThreatRadar, a reputation database that allows you to quickly block traffic coming from suspicious sources, even before any harmful effects begin.

Imperva offers flexible licensing for organizations using both on-premises and cloud applications. This allows the vendor to address a wider range of use cases and organizations, as well as to better manage the transition from the WAF appliance to the WAF cloud service.

SecureSphere clients report that the management console remains difficult to use with more advanced features, and professional services are often required for effective integration.

Effective protection is provided by mechanisms based on the signatures of the free open-source intrusion prevention system Snort, as well as Imperva's own SQL signatures generated by its ADC (Application Defense Center) research facility. In terms of fault tolerance, the product supports Active-Active and Active-Passive clustering.

SecureSphere WAF can be deployed as a non-inline sniffer, a transparent proxy or a reverse proxy, and offers excellent SSL support: passive SSL decryption, sessions based on client certificates, SSL termination, and inspection without termination (analysis of SSL traffic without terminating it). Equally important, the solution contains hardware modules that accelerate SSL processing.

The product builds a baseline security model using rule classification and detailed signatures (firewall rules, custom signatures and handling of protocol violations). To adapt the WAF to an evolving application, the web application profile created in machine learning mode can be modified; it can also be configured manually.
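The learned web application profile described above can be illustrated with a small positive security model. The following Python is an added example, not Imperva's code: it learns, per path and parameter, the character class and maximum length seen in constructed learning-mode traffic, allows the profile to be adjusted manually, and reports requests that deviate from it.

```python
import re
from urllib.parse import parse_qsl

# Character classes from narrowest to widest; the learned profile keeps, per
# parameter, the narrowest class that covered every value seen in learning mode.
CLASSES = [
    ("digits", re.compile(r"\A\d+\Z")),
    ("token", re.compile(r"\A[A-Za-z0-9_.@-]+\Z")),
    ("text", re.compile(r"\A[^<>\"'`;\\]*\Z")),
    ("any", re.compile(r".*", re.S)),
]

def classify(value: str) -> int:
    """Index of the narrowest class that matches the value."""
    for idx, (_, pattern) in enumerate(CLASSES):
        if pattern.match(value):
            return idx
    return len(CLASSES) - 1

class AppProfile:
    """Positive security model: learn the shape of each (path, parameter), then flag deviations."""
    def __init__(self):
        self.params = {}

    def learn(self, path: str, query: str) -> None:
        for name, value in parse_qsl(query, keep_blank_values=True):
            entry = self.params.setdefault((path, name), {"class": 0, "max_len": 0})
            entry["class"] = max(entry["class"], classify(value))
            entry["max_len"] = max(entry["max_len"], len(value))

    def set_manual(self, path: str, name: str, cls: str, max_len: int) -> None:
        """Manual adjustment of the profile, e.g. after the application changed."""
        names = [c for c, _ in CLASSES]
        self.params[(path, name)] = {"class": names.index(cls), "max_len": max_len}

    def check(self, path: str, query: str) -> list:
        """Return the list of violations; an empty list means the request fits the profile."""
        violations = []
        for name, value in parse_qsl(query, keep_blank_values=True):
            entry = self.params.get((path, name))
            if entry is None:
                violations.append(f"{path}: unknown parameter '{name}'")
                continue
            if len(value) > entry["max_len"]:
                violations.append(f"{path}: '{name}' exceeds learned length {entry['max_len']}")
            if classify(value) > entry["class"]:
                violations.append(f"{path}: '{name}' outside learned class '{CLASSES[entry['class']][0]}'")
        return violations

def trained_profile() -> AppProfile:
    """Profile learned from constructed sample traffic (learning mode)."""
    profile = AppProfile()
    for query in ("user=alice&remember=1", "user=bob.smith&remember=0"):
        profile.learn("/login", query)
    return profile
```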

The report generator in SecureSphere WAF provides system administrators with reports that meet the requirements of information security standards. It also allows customized reports (including scheduled ones) to be generated and exported in various formats.

Imperva SecureSphere Web Application Firewall on the vendor's site

Calculator of cost of Imperva SecureSphere Web Application Firewall on ROI4CIO


In the future, cybercrime statistics are expected to exceed those of offline crime. Right now, we should not neglect protection against attacks, as these investments pay off in full. The WAF solution is a small but important brick in your line of defense against intruders.

Authors: Natalia Zorba, Victoria Sholoiko for ROI4CIO
*Article was previously published at Techgyd
