Web Application Firewall
Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection/ prevention systems can’t, and they do not require modification of application source code.
In general, Applications are vulnerable as application developers do not consistently employ secure coding practices. WAF is designed to combat all attack types that have been categorized as high-level threats, including:
- Cross Site Scripting (XSS)
- SQL injection flaws
- OS command injections
- Site reconnaissance.
- Session hijacking
- Application denial of service
- Malicious probes/crawlers
- Cookie/session tampering
- Path traversal
- Information leakage
In addition, companies that transact online are faced with a host of growing industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all enterprise and Web applications handling credit card and account information must undergo an extensive and costly audit of custom application code. The alternative to satisfy PCI DSS Section 6.6 compliance is simply installing a WAF in place.