While motivations of attackers against a victimís corporate and organizational assets remain the same (financial, IP, identity theft, services disruption, or denial of service, for example), web applications enable a whole new class of vulnerabilities and exploit techniques such as SQL injection, cross-site scripting (XSS), and cross-site request forgery, to name a few.
The complexity of services, potential severity of breaches, and mounting sophistication of attacks requires additional functionality beyond the capability of traditional network-based security products. The emergence of dedicated web application firewall technology provides a comprehensive and focused solution to help increase the security of web-based services and protect valuable information assets.
This paper will review the fundamental functionality of several traditional security technologies from a high-level perspective, including network firewalls, intrusion prevention systems, outbound content filtering, and anti-malware gateways. It will discuss why dedicated web application firewall technology is necessary to protect web-facing resources. It will also provide a suggested deployment model that illustrates the relative locations of the discussed technologies within a simplified enterprise network.
Download the paper in PDF format here.