
How to Build A WAF At the Application Layer?

Posted: January 30, 2020 (4 min read)

A WAF, or Web Application Firewall, is an essential security product that lets you proactively protect your websites and web applications from malicious attacks and maintain a strong defense against bad actors and bad traffic. Web application firewalls protect against known threats such as SQL injection, DDoS attacks, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), file inclusion, and clickjacking, among others.

Building and deploying a WAF in today's IT environments, where increasingly complex applications have several moving parts and third-party components, is a critical yet difficult process. Here is a guide to help you navigate it.

How a WAF Works

The Web Application Firewall is a transparent reverse proxy placed in front of the application, so that all traffic passes through it and only the filtered traffic is forwarded to the application; this also hides the IP address of the application service. It monitors and parses every request against a set of rules (called policies) before the request reaches your web server or application. These policies equip the WAF to ensure that malicious requests and payloads do not degrade, compromise, or expose your applications to DDoS or other threats, or cause exfiltration of data. The policies also tell the firewall what to do when vulnerabilities or misconfigurations are found.

The groundwork: understand the application/website and where the WAF fits

Planning is the crucial first step in building a firewall. Understand and analyze the application's engineering concerns, your unique context, and your specific web application security needs. Remember that traditional or legacy approaches to web security and a one-size-fits-all open-source WAF do not make the cut, given the increasing complexity and dynamism of today's applications. So it is crucial to understand what your objectives are and where the WAF sits in your security solution, and to tailor security accordingly.

Based on your needs, context, and budgetary constraints, you must decide how your firewall will be deployed: as hardware, as software, or as a cloud WAF. Each mode of deployment has its own benefits and weaknesses. However, the cloud WAF is widely preferred by organizations and security experts owing to its cost-effectiveness, easy deployment, scalability, and agility.

Another important decision is whether you want to build the WAF yourself or onboard to a comprehensive and intelligent solution like the ones provided by AppTrana. In either case, you will have to go through the following steps.

Choose the right security model

There are 3 security models that a Web Application Firewall can follow:

Blacklist/negative model, which allows all traffic while monitoring for and blocking known threats and malicious requests. It requires the WAF to continuously engage in behavioral learning; otherwise the model becomes ineffective, because it can only stop what it already knows about.

Whitelist/positive model, in which all but pre-approved requests/traffic are blocked. It can lead to a high rate of false positives (legitimate requests being denied), which is detrimental, so regular and continuous tuning and configuration are indispensable for this model to be effective.

The hybrid security model combines the positive and negative models to minimize the drawbacks of both and heighten web app security.

You must choose the right model for your context and needs.

The model the WAF provides is only the starting point for deployment. Given the dynamic nature of web applications, a hybrid security model is (or should be) the starting point for any serious transactional web application, and the real value of the WAF comes from how you configure it after it is deployed.
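The three models above, and the reverse-proxy rule evaluation described under "How a WAF Works", are easiest to compare side by side in code. The following is an added illustration, not code from the post or from AppTrana: a minimal policy engine with a negative model (block known-bad signatures, allow everything else), a positive model (allow only listed routes and parameter shapes) and the hybrid of the two, run over a few constructed requests. The Request/Decision types, the rule names and the sample traffic are all hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical request/decision types for a reverse-proxy style policy check.
@dataclass
class Request:
    method: str
    path: str
    params: Dict[str, str] = field(default_factory=dict)

@dataclass
class Decision:
    allowed: bool
    rule: Optional[str]  # rule that decided the request; None if no rule fired

# Negative model: signatures of known-bad input. Anything not matched is allowed,
# which is exactly why this model alone misses unknown routes and new techniques.
NEGATIVE_RULES = {
    "sqli-basic": re.compile(r"(?i)(\bor\s+\d+\s*=\s*\d+|\bunion\s+select\b)"),
    "xss-basic": re.compile(r"(?i)(<script|javascript:)"),
    "path-traversal": re.compile(r"\.\./"),
}

def negative_model(req: Request) -> Decision:
    for name, pattern in NEGATIVE_RULES.items():
        for value in [req.path, *req.params.values()]:
            if pattern.search(value):
                return Decision(False, name)
    return Decision(True, None)

# Positive model: explicit allow-list of (method, route) and the shape each
# parameter may take. Anything not described is blocked, so an overly tight
# shape (e.g. page numbers limited to 4 digits) is a false-positive risk to tune.
POSITIVE_RULES = {
    ("GET", "/products"): {"page": re.compile(r"^\d{1,4}$")},
    ("POST", "/login"): {"user": re.compile(r"^[a-z0-9_]{3,32}$"),
                         "pass": re.compile(r"^.{8,128}$")},
}

def positive_model(req: Request) -> Decision:
    schema = POSITIVE_RULES.get((req.method, req.path))
    if schema is None:
        return Decision(False, "route-not-allowlisted")
    for key, value in req.params.items():
        pattern = schema.get(key)
        if pattern is None:
            return Decision(False, f"param-not-allowlisted:{key}")
        if not pattern.fullmatch(value):
            return Decision(False, f"param-shape:{key}")
    return Decision(True, None)

# Hybrid model: the request must be described by the positive model AND must not
# trip a negative signature. This catches bad input that fits an allowed shape.
def hybrid_model(req: Request) -> Decision:
    decision = positive_model(req)
    if not decision.allowed:
        return decision
    return negative_model(req)

def evaluate(requests: List[Request], model: Callable[[Request], Decision]) -> List[Decision]:
    return [model(r) for r in requests]

# Constructed sample traffic (not captured from any real site).
SAMPLE = [
    Request("GET", "/products", {"page": "2"}),                       # ordinary request
    Request("GET", "/products", {"page": "1 OR 1=1"}),                # bad value in an allowed param
    Request("GET", "/admin/export", {}),                              # route nobody allow-listed
    Request("POST", "/login", {"user": "alice", "pass": "correct horse"}),
    Request("POST", "/login", {"user": "bob", "pass": "x' OR 1=1 --"}),  # fits the shape, known-bad content
]

if __name__ == "__main__":
    models = [("negative", negative_model), ("positive", positive_model), ("hybrid", hybrid_model)]
    for name, model in models:
        for req, dec in zip(SAMPLE, evaluate(SAMPLE, model)):
            verdict = "ALLOW" if dec.allowed else "BLOCK"
            print(f"{name:8} {req.method} {req.path} {req.params} -> {verdict} {dec.rule or ''}")
```

Running it shows the trade-off the post describes: the negative model lets the unknown /admin/export route through, the positive model blocks it but also depends entirely on how carefully each parameter shape was written, and only the hybrid blocks the login attempt whose password field satisfies the allowed shape yet carries a known-bad pattern.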

Create and configure the WAF policies

In the next step, you need to lay down all the necessary policies, starting with the basic ones: analyzing traffic, understanding the patterns and methods of OWASP and other known vulnerabilities, the action to take when a vulnerability is uncovered, and so on. If you are onboarding to a service, the WAF will already come with default policies.

Once the basic policies are in place, you must configure and tune them and create custom policies in line with the context and needs identified in the planning stage. For instance, if you do not serve specific countries or continents, you can block those geographies from accessing your application or website. Similarly, flaws can arise from changes in business logic or policy, so WAF policies need to be tuned continuously.

You must also enable logging and security analytics in the WAF so that security experts can closely monitor and manage security. This is crucial because some flaws go unnoticed by machines, and only a human expert can catch and rectify them.

Most importantly, keep the WAF policies updated to defend against the application security risks you uncover through web application security assessments, and build on those policies and observed attacks as the foundation for future application-specific updates to your WAF.
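To make the tuning, geo-blocking and logging steps above concrete, here is an added example (not code from the post or from AppTrana) of a custom-policy layer that blocks countries the application does not serve, emits one structured JSON log record per request, and summarizes those records the way an analyst would when looking for a rule that fires too often. The IP-to-country table uses RFC 5737 documentation ranges mapped to made-up country codes and is constructed for the example; a real WAF would consult a maintained GeoIP database. The "monitor" rule mode, where a new rule is logged but not enforced until its false-positive rate is known, is a common tuning practice assumed here, not something the post describes.

```python
import ipaddress
import json
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed country lookup: documentation address ranges mapped to made-up
# country codes. Not real GeoIP data.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "XA"),
    (ipaddress.ip_network("198.51.100.0/24"), "XB"),
    (ipaddress.ip_network("192.0.2.0/24"), "XC"),
]

def lookup_country(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return None  # unknown origin; treated as not served below

# Custom policy from the planning stage: the application only serves XA and XB.
SERVED_COUNTRIES = {"XA", "XB"}

# Each custom rule carries a mode. "block" enforces; "monitor" only logs, which
# is how a freshly written rule is trialled before enforcement (assumed practice).
RULES: Dict[str, dict] = {
    "geo-not-served": {"mode": "block"},
    "query-too-long": {"mode": "monitor", "max_query_len": 512},
}

def geo_rule(req: dict) -> bool:
    cc = lookup_country(req["src_ip"])
    return cc is None or cc not in SERVED_COUNTRIES

def query_len_rule(req: dict) -> bool:
    return len(req.get("query", "")) > RULES["query-too-long"]["max_query_len"]

CHECKS = {"geo-not-served": geo_rule, "query-too-long": query_len_rule}

def inspect(req: dict) -> dict:
    """Run every rule and return a structured log record with the decision."""
    fired = [name for name, check in CHECKS.items() if check(req)]
    blocked = any(RULES[name]["mode"] == "block" for name in fired)
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "src_ip": req["src_ip"],
        "country": lookup_country(req["src_ip"]),
        "path": req["path"],
        "rules_fired": fired,
        "action": "block" if blocked else "allow",
    }

def run(requests: List[dict]) -> List[str]:
    """Produce JSON-lines log output, one record per request."""
    return [json.dumps(inspect(r)) for r in requests]

def summarize(log_lines: List[str]) -> dict:
    """Security analytics over the log: block rate and hits per rule. A rule
    with many hits in monitor mode is the one to review before enforcing it."""
    recs = [json.loads(line) for line in log_lines]
    rule_hits = Counter(r for rec in recs for r in rec["rules_fired"])
    blocked = sum(1 for rec in recs if rec["action"] == "block")
    return {
        "total": len(recs),
        "blocked": blocked,
        "block_rate": blocked / len(recs) if recs else 0.0,
        "rule_hits": dict(rule_hits),
    }

# Constructed sample traffic.
SAMPLE = [
    {"src_ip": "203.0.113.10", "path": "/", "query": ""},                    # served country
    {"src_ip": "192.0.2.77", "path": "/checkout", "query": ""},              # country not served
    {"src_ip": "198.51.100.5", "path": "/search", "query": "q=" + "a" * 600},  # trips monitor-only rule
    {"src_ip": "10.0.0.9", "path": "/", "query": ""},                        # no country mapping
]

if __name__ == "__main__":
    lines = run(SAMPLE)
    for line in lines:
        print(line)
    print(summarize(lines))
```

The summary for the sample traffic reports two blocks out of four requests, both from the geo rule, and one hit on the query-length rule that was logged without blocking; that record is what a security expert would review before switching the rule to block mode.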

Make the WAF intelligent with AI/ML

By continuously applying WAF policy updates based on the risks you uncover in your application through security-testing feeds, and on your understanding of the attacks actually hitting your website, you can make the WAF more effective. A WAF that continuously learns from past attack history and global threat intelligence, and maps them to your existing application security risks, lets you minimize your risks more accurately. AppTrana's WAF provides application context-specific updates by integrating application security risk assessment with managed custom rules and updates to your WAF policies.

Keep yourself updated on the latest developments on the security front

Your Web Application Firewall is only as effective as the rules and models you choose. Staying current with the latest developments and best practices on the security front will enable you to tune your WAF and your wider security solution better.


Karthik Krishnamoorthy

Karthik Krishnamoorthy is a senior software professional with 28 years of experience in leadership and individual contributor roles in software development and security. He is currently the Chief Technology Officer at Indusface, where he is responsible for the company's technology strategy and product development. Previously, as Chief Architect, Karthik built the cutting-edge, intelligent Indusface web application scanning solution. Prior to joining Indusface, Karthik was a Datacenter Software Architect at McAfee (Intel Security) and a Storage Security Software Architect at Intel Corporation, in the endpoint storage security team developing security technology in the Windows kernel-mode storage driver. Before that, Karthik was the Director of Deep Security Labs at Trend Micro, where he led the Vulnerability Research team for the Deep Security product line, a Host-Based Intrusion Prevention System (HIPS). Karthik started his career as a Senior Software Developer at various companies in Ottawa, Canada, including Cognos, Entrust, Bigwords and Corel. He holds a Master of Computer Science degree from Savitribai Phule Pune University and a Bachelor of Computer Science degree from Fergusson College. He also holds various certifications from 2014 onward, including machine learning from Coursera and AWS.
