Web Application Firewall (WAF)

Web Application Firewall protects websites and web applications from attackers who exploit application or log vulnerabilities to steal data or change the appearance of an organization's website.

It protects against web application attacks and denial of service (DoS) attacks. Unlike traditional network firewalls or intrusion detection systems (IDS) that simply pass HTTP, HTTPS, or FTP traffic to web applications, the Web Application Firewall acts as a two-way proxy for this traffic. It checks the traffic for attacks, isolating web servers from direct access by hackers. In addition, the Web Application Firewall eliminates attacks carried out by deliberately modifying application queries (e.g., making it impossible to modify cookies).

Unlike intrusion detection systems that analyse only binary samples, Web Application Firewall takes all traffic instead of the web server itself. It decodes the communication and removes/drops unauthorized characters or queries and normalizes the data. In addition, the systems provide protection against misuse of sensitive data. Of all the attacks reported today, approximately seventy percent target the application layer.
 

Analysis of a suitable solution and design of WAF deployment Analysis of existing application needs, detailed design of suitable solution in accordance with infrastructure requirements and separation of individual applications.

Implementation of the selected WAF solution Implementation by analysis of the selected solution, according to detailed proposals.  Support/development of the WAF solution Support/development of the WAF solution at the level of contact with the manufacturer, resolution of non-standard events, or overall support to ensure the functionality of the WAF solution.

Rental of WAF solutions (as a service) may include both implementation and support/development according to the parameters of the rental agreement.
 

The approach to the analysis or deployment of WAF solutions is based on the best practices reported by the manufacturers of individual WAF solutions. In the case of analysis or deployment on applications with unclear or complex structure, the same methods as for penetration tests are performed. These results then provide further clear guidance for future configuration and design.

A large Czech insurance company, in cooperation with its regular ICT solution provider, failed to deploy an application firewall. The firewall was not working as expected and it was not possible to find the error, even though it had already taken many hours of cost and effort.

The insurance company therefore asked us for help. Our team quickly analysed the entire firewall setup and its overall integration into the network infrastructure. Thanks to our knowledge of security technologies, protocols and standards, we identified and described the critical vulnerabilities within the first day. In addition, we proposed an effective solution that led to a quick remediation of the problems and enabled the insurance company to proceed with the major ICT projects in question.