Importance of Web Application Firewall Technology for Protecting Web-based Resources
by Andrew J. Hacker - Senior Security Analyst, ICSA Labs - Wednesday, 12 March 2008.
Web-based applications and services have changed the landscape of information delivery and exchange in todayís corporate, government, and educational arenas. Ease of access, increased availability of information, and the richness of web services have universally increased productivity and operational efficiencies. These increases have led to heavier reliance on web-based services and greater integration of internal information systems and data repositories with web-facing applications.

While motivations of attackers against a victimís corporate and organizational assets remain the same (financial, IP, identity theft, services disruption, or denial of service, for example), web applications enable a whole new class of vulnerabilities and exploit techniques such as SQL injection, cross-site scripting (XSS), and cross-site request forgery, to name a few.

The complexity of services, potential severity of breaches, and mounting sophistication of attacks requires additional functionality beyond the capability of traditional network-based security products. The emergence of dedicated web application firewall technology provides a comprehensive and focused solution to help increase the security of web-based services and protect valuable information assets.

This paper will review the fundamental functionality of several traditional security technologies from a high-level perspective, including network firewalls, intrusion prevention systems, outbound content filtering, and anti-malware gateways. It will discuss why dedicated web application firewall technology is necessary to protect web-facing resources. It will also provide a suggested deployment model that illustrates the relative locations of the discussed technologies within a simplified enterprise network.

Download the paper in PDF format here.

Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //