Web development has been speeding ahead by leaps and bounds. We have seen RSS, SOAP, SAML, CSS and AJAX, to name just a few. All of the aforementioned change the fundamental nature of web presentation, or rather of layer 7 behaviour. This brings with it its own set of security issues. Progress is a good thing, but it becomes a problem when security fails to keep pace. Enter the web application firewall. These systems are protocol aware and help greatly to reduce the risk of attack.
Straight away they help to guard against poor code that has not been vetted for security issues. They add another level of audit capability that will assist when dealing with audits or meeting compliance requirements. As well, they help protect the keys to the kingdom: your customers' data!
These firewalls not only protect against attackers but give you a level of visibility into the web traffic that you would not traditionally have available. An example of this would be a warez server running as a virtual host on an Apache webserver. It is a legitimate webserver on a legitimate IP address, but without deep inspection you would not necessarily notice the HTTP traffic with a nefarious purpose.
Companies such as F5, Breach Security and Imperva provide this type of technology. These devices can be deployed in several different configurations, such as bridging, offline, or reverse proxy. For companies that are mid-sized up to enterprise the costs can be $30K and up. But for the smaller shops there are alternatives, albeit not nearly as effective. Using an Apache webserver as a reverse proxy can be rolled out for relatively low cost. While this is not as robust as the commercial offerings, it does afford some added protection. The short story is that we all have to take web security more seriously. As firewalls and network access controls improve, the focus of the furry toothed hacker has shifted to protocol attacks over legitimate channels.
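As an added illustration of the low-cost option mentioned above (this is example configuration written for this page, not something from the original post or from any vendor), here is a minimal Apache httpd reverse proxy sitting in front of an application server. It assumes Apache 2.4 with mod_proxy, mod_proxy_http and mod_headers available; the hostname, the backend address 10.0.0.10:8080, the log file names and the size limits are all assumed values to be replaced with your own.

```apache
# Added example (not from the original post): Apache 2.4 as a reverse proxy
# in front of an application server. Hostname, backend address, log paths
# and limits are assumed placeholder values.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so

# Do not advertise version details in the Server header or error pages
ServerTokens Prod
ServerSignature Off

# Coarse request-size limits so oversized requests never reach the backend
LimitRequestBody 1048576
LimitRequestFieldSize 8190
LimitRequestLine 8190

<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only; ProxyRequests Off prevents acting as an open forward proxy
    ProxyRequests Off
    ProxyPreserveHost On

    # Only pass through the HTTP methods the application actually needs
    <Location "/">
        <LimitExcept GET POST HEAD>
            Require all denied
        </LimitExcept>
    </Location>

    # Forward everything else to the application server and rewrite its redirects
    ProxyPass        / http://10.0.0.10:8080/
    ProxyPassReverse / http://10.0.0.10:8080/

    # Hide backend fingerprinting headers and add a basic hardening header
    Header unset X-Powered-By
    Header always set X-Content-Type-Options "nosniff"

    # Separate logs for the proxy give the traffic visibility the post describes
    ErrorLog  logs/www-proxy-error.log
    CustomLog logs/www-proxy-access.log combined
</VirtualHost>
```

On its own this gives you the choke point, method and size limits, and a single place to log every request; it does not inspect request content the way the commercial products do. A rules engine such as ModSecurity (not covered by the original post) is what would attach to this proxy to add that protocol-aware inspection.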
[tags]Web Application Firewalls, XML firewalls, Web apps, Layer 7[/tags]