WAF: What is the AWS Web Application Firewall and How Does it Work

A web application firewall (WAF) is a firewall that monitors, filters, and blocks data packets as they travel to and from a website or web application. A WAF can be network, host or cloud based and is usually deployed through a reverse proxy and placed in front of one or more websites or applications.

In this article, besides explaining the WAF concept, you will see how the AWS service fits into it.

Check it out!

What is WAF

Web application firewalls are a common security control used by companies to protect web systems from zero-day exploits, malware infections, impersonation, and other known and unknown threats and vulnerabilities. 

Through custom inspections, a WAF is able to immediately detect and prevent many of the most dangerous web application security flaws that traditional network firewalls, intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) may not be able to detect.

WAFs are especially useful for companies that provide products or services over the Internet, such as e-commerce shopping, online banking, and other interactions between customers or business partners.

How does WAF work?

In practice, a WAF analyzes HTTP (Hypertext Transfer Protocol) requests and applies a set of rules that define which parts of that conversation are benign and which are malicious. 

The main parts of HTTP conversations analyzed by a WAF are GET and POST requests. GET requests are used to retrieve data from the server, and POST requests are used to send data to a server to change its state.

A WAF can take two approaches to parsing and filtering the content contained in these HTTP requests:

  1. Whitelist: A whitelist approach means the WAF denies all requests by default and allows only trusted requests. It relies on a list of which IP addresses are known to be safe. A whitelist is less resource intensive than a blacklist. The downside of a whitelist approach is that it can unintentionally block benign traffic. While it casts a wide net and can be efficient, it can also be inaccurate.
  2. Blacklist: A blacklist approach defaults to allowing packets to pass through and uses predefined signatures to block malicious web traffic and shield vulnerabilities in websites or web applications. It is a list of rules that identify malicious packets. Blacklisting is best suited for public websites and web applications, as they receive a lot of traffic from unknown IP addresses that are not known to be either malicious or benign. The downside of a blacklist approach is that it consumes more resources; it requires more information to filter packets based on specific characteristics rather than defaulting to trusted IP addresses.

A WAF can also use a hybrid of the two filtering approaches listed above. This hybrid security model combines blacklist and whitelist elements.
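As an added illustration (not code from the article), here are the three filtering approaches applied to sample GET and POST requests in Python. The trusted networks and the two signatures are constructed assumptions; real rule sets are much larger and tuned to the application.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list of trusted source networks (an assumption, not from the article).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]

# Constructed blacklist signatures for the two attack classes the article names.
# They only show the mechanism; production signatures are far more extensive.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)"),
}

def _parameters(method, target, body):
    """Values a WAF inspects: the query string of a GET, plus the form body of a POST."""
    values = []
    for found in parse_qs(urlsplit(target).query, keep_blank_values=True).values():
        values.extend(found)  # parse_qs also URL-decodes, so encoded payloads are seen
    if method == "POST":
        for found in parse_qs(body, keep_blank_values=True).values():
            values.extend(found)
    return values

def inspect(src_ip, method, target, body="", mode="hybrid"):
    """Return (decision, reason) for mode 'whitelist', 'blacklist' or 'hybrid'."""
    if method not in ("GET", "POST"):
        return "block", "method not inspected"
    trusted = any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETWORKS)
    if mode == "whitelist":
        # Default deny: the allow-list alone decides, so an unlisted but harmless client is blocked too.
        return ("allow", "trusted source") if trusted else ("block", "source not on allow-list")
    if mode == "hybrid" and trusted:
        return "allow", "trusted source"  # whitelist element short-circuits the signature scan
    # Blacklist stage (blacklist and hybrid modes): default allow, block on a signature match.
    for name, pattern in SIGNATURES.items():
        for value in _parameters(method, target, body):
            if pattern.search(value):
                return "block", f"{name} signature in {method} data"
    return "allow", "no signature matched"
```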

The AWS WAF 

AWS WAF, from Amazon Web Services, gives you control over how traffic reaches your applications, allowing you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns defined by you. 

You can get started quickly using AWS WAF Managed Rules, a preconfigured set of rules managed by AWS or AWS Marketplace Sellers. 

AWS WAF Managed Rules address issues such as the OWASP Top 10 security risks. These rules are regularly updated as new issues arise.

AWS WAF includes a multi-purpose API that you can use to automate the creation, deployment, and maintenance of security rules.

With AWS WAF, you only pay for what you use. Pricing is based on how many rules you deploy and how many requests your app receives. There are no advance commitments.

You can deploy AWS WAF on Amazon CloudFront as part of a CDN solution, on an Application Load Balancer that sits in front of web or origin servers running on EC2, or on Amazon API Gateway for your APIs.
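An added example, not from the article or from AWS, that assembles the parameter set for the wafv2 CreateWebACL API in the shape boto3's create_web_acl(**acl) expects, combining an IP allow-list, an AWS managed rule group and a custom SQL injection rule. The IPSet ARN and regional values are placeholders, and the API call itself appears only in a comment.

```python
# Added example: builds a wafv2 CreateWebACL request; it does not contact AWS.
SCOPE_FOR = {"cloudfront": "CLOUDFRONT", "alb": "REGIONAL", "api_gateway": "REGIONAL"}
# Assumption: CLOUDFRONT-scoped ACLs are managed through us-east-1; REGIONAL ones are
# created in the region of the load balancer or API (placeholders below).
REGION_FOR = {"cloudfront": "us-east-1", "alb": "<alb-region>", "api_gateway": "<api-region>"}

def visibility(metric):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric}

def build_web_acl(name, target, allow_ipset_arn):
    """Hybrid policy: allow-list first, then AWS managed signatures, then a custom SQLi block."""
    rules = [
        {"Name": "allow-trusted", "Priority": 0, "Action": {"Allow": {}},  # whitelist element
         "Statement": {"IPSetReferenceStatement": {"ARN": allow_ipset_arn}},
         "VisibilityConfig": visibility("allowTrusted")},
        {"Name": "aws-common", "Priority": 1, "OverrideAction": {"None": {}},  # managed rules
         "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS",
                                                      "Name": "AWSManagedRulesCommonRuleSet"}},
         "VisibilityConfig": visibility("awsCommon")},
        {"Name": "block-sqli-body", "Priority": 2, "Action": {"Block": {}},  # custom signature
         "Statement": {"SqliMatchStatement": {"FieldToMatch": {"Body": {}},
                       "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}},
         "VisibilityConfig": visibility("blockSqliBody")},
    ]
    return {"Name": name, "Scope": SCOPE_FOR[target], "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": visibility(name)}

def validate(acl):
    """Checks the service enforces anyway; failing locally is cheaper than a rejected API call."""
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(priorities) != len(set(priorities)):
        raise ValueError("rule priorities must be unique")
    for r in acl["Rules"]:
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        if managed != ("OverrideAction" in r) or managed == ("Action" in r):
            raise ValueError(f"{r['Name']}: managed groups take OverrideAction, custom rules take Action")
    return True

if __name__ == "__main__":
    acl = build_web_acl("shop-waf", "alb", "arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/trusted/ID")
    validate(acl)
    # Deploy with: boto3.client("wafv2", region_name=REGION_FOR["alb"]).create_web_acl(**acl)
    print(acl["Scope"], [r["Name"] for r in acl["Rules"]])
```

Lower priority numbers are evaluated first, so the allow-list rule runs before the managed group and the custom rule, which mirrors the hybrid model described earlier.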

Here are the main benefits you can get with AWS WAF:

  • Agile protection against web attacks;
  • Time savings with managed rules;
  • Better visibility of web traffic;
  • Ease of deployment and maintenance;
  • Cost-effective web application protection;
  • Security built into the way you develop apps.

The WAF in the context of the LGPD

Finally, it is important to highlight that a web application firewall is a fundamental service at a time when Brazilian companies must adapt to the General Law on Data Protection (LGPD).

As we know, the LGPD is the legislation that governs how the personal data of Brazilian citizens are stored and processed. It brings a series of rules that organizations need to adhere to in order to protect the privacy of their customers, and also to ensure that the owners of personal data remain the sole holders of the rights over it.

In this sense, even if a company does everything else correctly but lacks mechanisms to protect its applications, it can fall victim to fraud, and in those cases it remains responsible for the way in which citizens' personal data are handled.

Do you want to know more about AWS WAF? Contact us for a demo with one of our experts!
