Greeting Everyone! Hope Everything Is going Good, So Today will Will Discuss about WAF what is Web application firewall & it important why we need waf .
Now a days more businesses are hosted online and increasingly on cloud platforms it is critical to ensure robust cybersecurity defenses are in place. So as To mitigate against cyber risk to protect We must need to Implement WAF Web application firewall.
What is WAF?
In simple word we can define waf is Mechanism That protect Our web application against different Threads attacks that mean which we utilize for better security Against Our Application.
WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe.
As waf is Design For Implementing Security Risk against OWASP top 10 issue , We can classify Top 10 Security Issue Which Includes In:
- Injection
- Broken Authentication. …
- Sensitive Data Exposure. …
- XML External Entities (XEE) …
- Broken Access Control. …
- Security Misconfiguration. …
- Cross-Site Scripting. …
- Insecure Deserialization.
- Using Components With Known Vulnerabilities
- Insufficient Logging And Monitoring
Features of WAF – Protection
- Event Correlation
- User Tracking
- Discovery and Classification
- Reputation Controls
- Anti-Phishing Controls
- DLP
- Database Integratio
Some O Best Cloud based waf which Now a days Used By Organization:
- MS Azure Web Application Firewall A cloud-based WAF which help to protect web servers anywhere.
- Cloudflare WAF Cloud-based security protection which also combined with DDoS protection which may other security issue that now a days web application faceing.
- Akamai Kona Site Defender Akamai is mostly used WAF which Reduce risk effectively mitigating DDoS attacks.
- Amazon Web Services WAF Front end for those who operate Amazon Web Services, including Application Load Balancer and the Amazon content delivery network which help to mitigate against Different Attack phase
How To Check WAF In any targeted Website?
Here To verify WAF we can use wafw00f which default with kali Linux and We can easily Setup it By Github Setup Link: https://github.com/EnableSecurity/wafw00f
To find We will use Use simple Command :
→ wafw00f domain.com
As above Pic as result We got Our target protected By Cloudflare WAF so this is the how we can verify WAF.
Conclusion: Today we have discussed About What is Web application firewall Why we need WAF , Some Features of waf As how we can Verify WAF of our targeted Web application . Now a days Growing of cyber attacks we must need to implement Our application which protect against business risk we must need to deploy WAF To protect from different Risk factor .Hope it helpful for You .
Stick With Our Other Blog: https://securiumsolutions.com/blog
Author: Pallab Jyoti Borah VAPT analyst