• About
  • Archive
  • Contact
  • basefarm.com
Basefarm Blog
  • Big Data blog
  • Cloud blog
  • Security blog
  • DevOps blog
  • Menu

How a Web Application Firewall can protect against bad coding

By: Hans-Petter Fjeld and Abel De Kat Angelino, Information Security Engineers at Basefarm

You might think, and you could even be right in that your own web application is perfectly written with zero bugs, so that no attacker can obtain information they should not be able to. But what about the software surrounding your web application? Unfortunately, this software often is things you don’t have control over like frameworks, web servers, operating systems, and sometimes even hardware.

The aim of a Web Application Firewall (WAF), is to ensure that your web application is kept safe even if there are coding mistakes in it or in any of the underlying systems or frameworks it runs on top of.

A WAF, given the correct setup of rules, could for example protect your web application against unknown threats, so called Zero Days. One example is the Command Injection exploit that was released for Apache Struts which allowed an attacker to simply modify the Content-Type header, in order to gain direct access to the server, which would have allowed the user to steal data and move further into the network. By utilizing a WAF, customers were able to protect themselves against the attack even before a patch was available. This was possible because the intelligence built into it could recognize that a Command Injection was attempted and thus block it.

In another layer, you would have your Web Server which your web application runs on top of. Vulnerabilities occurs on it from time to time, and sometimes they will not get patched. One example is CVE-2017-7269 which had a known exploit available, but Microsoft said they wouldn’t patch. In this case, a WAF would be able to assist you.

As you can see, it’s not only your own web application that is a target here, it’s your entire environment. So, even though there is never a silver bullet when it comes to IT-Security, you should always work to keep your code as well-written as possible to avoid potential breaches. Moreover, a WAF is one of the most important aspects when it comes to your ability to defend your web application against data breaches.

-Let’s Be Careful Out There (Hill Street Blues)

If you are interested read more here:

https://blog.basefarm.com/blog/are-you-prepared-for-ddos-attacks/

Or contact us and we will get back to you!

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Google+
  • Share on Pinterest
  • Share on Linkedin
  • Share by Mail

Recent Posts

  • Should you build your own SOC or use one as a service?
  • What is a Security Operations Center and why do you need it?
  • How do you find the right SOC provider for your company?
  • 4 Industries That Have to Fight the Hardest Against Cyberattacks
  • Security Software & Tools Tips – December 2018

Tag cloud

Data Thinking patch job Software drupal patch tuesday osx SIRT java patchtuesday security Windows Server 2012 OpenShift HP dreamhack sirt newsletter wordpress exploit DevOps adobe swedish it security cisco Azure tips flash update KAM Cloud sql server Azure Stack PowerShell vulnerability Big Data cluster microsoft ruby oracle it-security newsletter apple iOS AI Data lake windows
Subscribe via RSS

Recent Comments

  • Naveen on How to install Logstash on Windows Server 2012 with Kibana in IIS.
  • MJ Almassud on Basic inventory of HyperV virtual machines using PowerShell
  • toto on Tracing select statements on specific objects in SQL Server without using Profiler
  • Jawad on SQL Server 2008 R2 setup fails due to invalid credentials
  • Jason Boettcher on A day in the life of a Technical Account Manager

Archive

  • 2018 (116)
  • 2017 (75)
  • 2016 (46)
  • 2015 (51)
  • 2014 (65)
  • 2013 (162)
  • 2012 (28)
  • 2011 (19)
© Copyright - Basefarm Security Blog
  • Facebook
  • Twitter
  • Instagram
  • Mail
Hackers Turn to Python as Attack Coding Language of Choice Why use a Managed Service Provider for Amazon Web Services
Scroll to top