
Web Application Firewall 

Securing Your Web Applications

The daily discovery of new web vulnerabilities and attacks confirms that web applications are not secure. Even after expensive audits and time-consuming fixes, an organization’s security team may not know about every hole in the company’s applications.

Vulnerabilities in the web infrastructure can appear whenever new features are added to applications. Even if the applications written by a company’s Information Systems team are almost perfect, one must still consider the security issues that arise when running third-party applications. And since building security into application code requires constant revision, new holes can creep in when programmers implement security fixes.


Seeking Broad Protection


Companies are searching for a single solution that offers comprehensive protection, does not force a costly redesign of applications, and does not require time-consuming manual configuration or disrupt the availability of applications to users. The solution must also provide regulatory compliance reporting and must always be “on” to accommodate today’s 24x7 society.

Radware Open Service Architecture with WAF Service

Radware has such a solution: a web application firewall (WAF) service integrated into AppXcel™ through the company’s open service architecture. Radware’s implementation is based on SecureSphere, the award-winning web application firewall created by Imperva and licensed to Radware. Imperva’s dynamic profiling technology within the web application firewall builds a model of legitimate application behavior by automatically learning from normal traffic at the customer site.


Add-ons for Scalability, Security, Acceleration


Radware’s architecture offers a set of add-ons, such as WAF, designed to meet a customer’s need for scalability, security and acceleration while accommodating any performance or capacity requirement. WAF protects web servers and web applications by inspecting all HTTP/S traffic to and from them in several complementary ways.
  • Detection of Profile Violations


    WAF automatically profiles web applications and services. It warns about, or blocks, a source IP or a connection when that source’s behavior deviates from the profiled normal usage of the application, while keeping false alarms to a minimum. Profiling is done by tracking and mapping parameters of web application traffic such as

    • Types and value ranges of variables
    • Cookies, hidden fields, http methods, parameters, response codes, session IDs and URLs
    • SOAP actions, XML structures

    WAF closely tracks users’ interactions with the application, monitoring activity and comparing it to the profile. Requests that deviate from the profile are detected and blocked. As a customer’s web applications change over time, WAF automatically updates its profiles. This keeps WAF’s protection current and accurate, and makes it easier to deploy and maintain than solutions that require hand-written rules.

  • Signature-based Intrusion Prevention


    WAF provides full Snort-based signature detection to protect applications from worms (and other attacks) that target known vulnerabilities in commercial infrastructure software (Apache, IIS, etc.).

    Imperva’s Application Defense Center (ADC) enriches the Snort database with new signatures and with metadata such as accuracy, affected systems, background information, frequency and risk. Using this metadata and WAF’s ADC wizards, administrators can quickly select the signature dictionaries that are most reliable for their specific environment. Signatures are continuously updated through Radware’s Security Zone.

  • Detection of Web Protocol Violations


    Protocol compliance checks ensure that HTTP traffic meets the Request for Comments (RFC) specifications and expected usage patterns. Because many exploits rely on requests a legitimate browser would never send (malformed request lines, oversized or ill-formed headers, conflicting length fields), this blocks attacks on both known and not-yet-published vulnerabilities in commercial web server implementations.

    WAF ships with a curated set of protocol violations that Imperva’s research has found usually indicate attack attempts. Each of these violations can be enabled or disabled individually for each group of protected web servers.
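    The checks described above, as an added illustration (this is not Radware’s or Imperva’s code, and the violation names, size limits and sample requests are assumptions constructed for the example): a raw HTTP/1.1 request head is parsed and tested against a handful of RFC 7230 rules, and a per-server-group `enabled` set lets the operator switch individual violations on or off, as the text describes.

```python
"""Toy HTTP protocol-violation checker (illustration only, not a vendor product).

Each check is named by a short code; `enabled` plays the role of the per-group
on/off switches described on the page.  Sample requests below are constructed.
"""
import re

# RFC 7230 "tchar": the characters allowed in a method or header-name token.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VERSION = re.compile(r"^HTTP/\d\.\d$")
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}

# Assumed catalogue of violation codes (names chosen for this example).
ALL_CHECKS = {
    "missing-header-terminator", "bare-lf", "malformed-request-line", "invalid-method-token",
    "unknown-method", "bad-http-version", "url-too-long", "control-char-in-url",
    "header-too-long", "malformed-header", "missing-host", "duplicate-host",
    "conflicting-content-length", "non-numeric-content-length", "cl-te-conflict",
}

def check_request(raw, enabled=None, max_url_len=2048, max_header_len=8192):
    """Return the list of enabled violation codes found in the request head `raw` (bytes)."""
    enabled = ALL_CHECKS if enabled is None else set(enabled)
    found = []

    def flag(code):
        if code in enabled and code not in found:
            found.append(code)

    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        flag("missing-header-terminator")
    lines = head.split(b"\r\n")
    if any(b"\n" in line for line in lines):      # LF without CR is not a valid line end
        flag("bare-lf")

    parts = lines[0].split(b" ")
    if len(parts) != 3:                            # method SP request-target SP version
        flag("malformed-request-line")
        return found
    method, target, version = (p.decode("latin-1") for p in parts)
    if not TOKEN.match(method):
        flag("invalid-method-token")
    elif method not in KNOWN_METHODS:
        flag("unknown-method")
    if not VERSION.match(version):
        flag("bad-http-version")
    if len(target) > max_url_len:
        flag("url-too-long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        flag("control-char-in-url")

    headers = []
    for line in lines[1:]:
        if len(line) > max_header_len:
            flag("header-too-long")
        name, colon, value = line.partition(b":")
        # No colon, or whitespace/odd characters in the name (e.g. "Host : x"), is malformed.
        if not colon or not TOKEN.match(name.decode("latin-1")):
            flag("malformed-header")
            continue
        headers.append((name.decode("latin-1").lower(), value.strip().decode("latin-1")))

    names = [n for n, _ in headers]
    if version == "HTTP/1.1" and "host" not in names:
        flag("missing-host")
    if names.count("host") > 1:
        flag("duplicate-host")
    lengths = [v for n, v in headers if n == "content-length"]
    if len(set(lengths)) > 1:
        flag("conflicting-content-length")
    if any(not v.isdigit() for v in lengths):
        flag("non-numeric-content-length")
    if lengths and "transfer-encoding" in names:  # classic request-smuggling ambiguity
        flag("cl-te-conflict")
    return found

# Constructed sample requests (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: test\r\n\r\n"
SMUGGLE = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
           b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
NO_HOST = b"GET / HTTP/1.1\r\nUser-Agent: x\r\n\r\n"
BAD_LINE = b"G ET / HTTP/1.1\r\nHost: h\r\n\r\n"
CTRL_URL = b"GET /a\x00b HTTP/1.1\r\nHost: h\r\n\r\n"
BAD_HDR = b"GET / HTTP/1.1\r\nHost: h\r\nX-Foo bar\r\n\r\n"

if __name__ == "__main__":
    for req in (GOOD, SMUGGLE, NO_HOST, BAD_LINE, CTRL_URL, BAD_HDR):
        print(req[:24], "->", check_request(req) or "compliant")
    # Per-group tuning: the same smuggling request passes if that check is disabled.
    print(check_request(SMUGGLE, enabled={"missing-host", "malformed-header"}))
```

    The request-line and header-name checks are deliberately strict: the RFC forbids whitespace before the colon and control characters in the target, and a real server may tolerate some of these, which is exactly why an inline check that normalises before the server does is useful. A production engine would also bound header count and total head size, and decode the request target before inspecting it.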

  • Protection Against Web Worms


    WAF protects against zero-day exploitation by worms that use previously unknown web vulnerabilities. For this class of threat no signature exists at the time of the outbreak. Such web worms spread by sending HTTP requests for URLs in default web server directories that were left accessible and that expose a vulnerability. During learning, WAF builds a profile of the URLs actually used on each web server, so requests for URLs outside that profile are flagged or blocked even when the exploited vulnerability is still unknown.
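    The dynamic profiling described under Detection of Profile Violations, and the learned URL profile this worm protection relies on, as one added example (not Radware’s or Imperva’s code; the profile schema, the three value-type classes and the sample traffic are assumptions constructed here): a profile of allowed methods, parameters, value types and value lengths is learned per URL from “normal” requests, and new requests are scored against it. A request for a URL never seen in learning, an unknown parameter, a method the URL never used, or a value whose type or length falls outside what was learned each produces a named violation.

```python
"""Toy dynamic-profiling model (illustration only, not a vendor product).

Learns a per-URL profile from normal traffic and reports deviations.  Value
types are coarse classes chosen for this example; a real profiler uses many
more, plus convergence thresholds before it starts enforcing.
"""
from urllib.parse import urlsplit, parse_qsl

TYPE_RANK = {"int": 0, "alnum": 1, "any": 2}   # each class includes the narrower ones

def value_type(value):
    """Coarse type class of a parameter value (assumption: three classes suffice here)."""
    if value.isdigit():
        return "int"
    if value.isalnum():
        return "alnum"
    return "any"

def parse_request(method, url, body=None):
    """Split a request into (METHOD, path, [(name, value), ...]) including body parameters."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if body:
        params += parse_qsl(body, keep_blank_values=True)
    return method.upper(), parts.path, params

class DynamicProfile:
    def __init__(self):
        # path -> {"methods": set, "params": {name: {"type", "min_len", "max_len"}}}
        self.urls = {}

    def learn(self, method, url, body=None):
        """Widen the profile so that this (assumed legitimate) request fits it."""
        method, path, params = parse_request(method, url, body)
        entry = self.urls.setdefault(path, {"methods": set(), "params": {}})
        entry["methods"].add(method)
        for name, value in params:
            vtype, length = value_type(value), len(value)
            spec = entry["params"].get(name)
            if spec is None:
                entry["params"][name] = {"type": vtype, "min_len": length, "max_len": length}
                continue
            if TYPE_RANK[vtype] > TYPE_RANK[spec["type"]]:
                spec["type"] = vtype
            spec["min_len"] = min(spec["min_len"], length)
            spec["max_len"] = max(spec["max_len"], length)

    def check(self, method, url, body=None):
        """Return the list of profile violations; an empty list means the request fits."""
        method, path, params = parse_request(method, url, body)
        entry = self.urls.get(path)
        if entry is None:                      # the worm case: a URL nobody legitimately uses
            return [f"unknown-url:{path}"]
        violations = []
        if method not in entry["methods"]:
            violations.append(f"unknown-method:{method}")
        for name, value in params:
            spec = entry["params"].get(name)
            if spec is None:
                violations.append(f"unknown-param:{name}")
                continue
            vtype, length = value_type(value), len(value)
            if TYPE_RANK[vtype] > TYPE_RANK[spec["type"]]:
                violations.append(f"param-type:{name}:{vtype}>{spec['type']}")
            if not spec["min_len"] <= length <= spec["max_len"]:
                violations.append(f"param-length:{name}:{length}")
        return violations

# Constructed learning traffic (not a capture from any real site).
NORMAL_TRAFFIC = [
    ("GET", "/login?user=alice&pw=s3cret"),
    ("POST", "/login", "user=bob&pw=hunter22"),
    ("GET", "/item?id=42"),
    ("GET", "/item?id=1337"),
    ("GET", "/search?q=blue+shoes"),
]

def build_profile():
    profile = DynamicProfile()
    for req in NORMAL_TRAFFIC:
        profile.learn(*req)
    return profile

if __name__ == "__main__":
    profile = build_profile()
    for req in [("GET", "/item?id=99"), ("GET", "/item?id=42' OR 1=1--"),
                ("GET", "/cgi-bin/default.cgi"), ("DELETE", "/item?id=55"),
                ("GET", "/item?id=77&debug=1")]:
        print(req, "->", profile.check(*req) or "fits profile")
```

    The `id` parameter was only ever seen as a two-to-four-digit integer, so the injection attempt fails on both type (it becomes `any`) and length; the unknown `/cgi-bin/default.cgi` URL is rejected outright, which is the mechanism behind the worm protection. Note that the length bounds here are the exact observed minimum and maximum; a production profiler tolerates some slack and keeps learning after enforcement starts so that legitimate application changes update the profile rather than trigger blocks.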

  • Security Coverage


    Because it combines these WAF protection layers with the ability to inspect Secure Sockets Layer (SSL) traffic, WAF protects web applications against the following threats:

    • Brute force login
    • Buffer overflow
    • Command
    • Cookie poisoning
    • Cross-site scripting
    • Data destruction
    • Data theft
    • Denial of service
    • Directory traversal
    • Form field tampering
    • Identity theft
    • Illegal encoding
    • Known worms
    • Malicious encoding
    • Malicious robots
    • Parameter tampering
    • Patient and corporate espionage
    • Phishing
    • Scanning
    • Session hijacking
    • SQL injection
    • Web, HTTPS and XML application attacks
    • Web server and operating system attacks
    • Zero-day web worms
