Importance of Web Application Firewall Technology for Protecting Web-based Resources
by Andrew J. Hacker - Senior Security Analyst, ICSA Labs - Wednesday, 12 March 2008.
Web-based applications and services have changed the landscape of information delivery and exchange in todayís corporate, government, and educational arenas. Ease of access, increased availability of information, and the richness of web services have universally increased productivity and operational efficiencies. These increases have led to heavier reliance on web-based services and greater integration of internal information systems and data repositories with web-facing applications.

While motivations of attackers against a victimís corporate and organizational assets remain the same (financial, IP, identity theft, services disruption, or denial of service, for example), web applications enable a whole new class of vulnerabilities and exploit techniques such as SQL injection, cross-site scripting (XSS), and cross-site request forgery, to name a few.

The complexity of services, potential severity of breaches, and mounting sophistication of attacks requires additional functionality beyond the capability of traditional network-based security products. The emergence of dedicated web application firewall technology provides a comprehensive and focused solution to help increase the security of web-based services and protect valuable information assets.

This paper will review the fundamental functionality of several traditional security technologies from a high-level perspective, including network firewalls, intrusion prevention systems, outbound content filtering, and anti-malware gateways. It will discuss why dedicated web application firewall technology is necessary to protect web-facing resources. It will also provide a suggested deployment model that illustrates the relative locations of the discussed technologies within a simplified enterprise network.

Download the paper in PDF format here.

Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //