The reasons to use WAF Security Architecture
To design an application firewall that works well in a multi-user network environment, WAF designers must consider all the different threats to the network that could affect end users and businesses. Many of these threats arrive through internet activity, such as phishing, attacks on employee networks, and viruses that spread via WANs. Because of this, many WAF vendors have developed tools for handling various threats, ranging from simple rules for enforcing WAN policy to simple WAF checks against ActiveX controls or even web exploits.

Some WAFs are also used to block cookies from being transferred across the internet between web servers and WAF appliances. A cookie is a small piece of information sent from a web server to a browser to keep track of what type of site the browser is visiting. Because cookies can be compromised and the information they contain can be used to track user behavior and the locations of computers, a major concern for information security is the ability of a website to track visitors and the types of sites they visit. To address this issue, WAFs are also commonly used to block cookies from leaving a site, even when users have cleared their browsing history for that site.

Another major concern with web application architectures that use WAF security features is the attack surface available to attackers. Because many WAFs are designed for high-severity attacks, they can be very complex programs that require advanced knowledge of the targeted application and sustained attention to detail. Some of the more common attacks include DDoS (Distributed Denial-of-Service) attacks, which use multiple network connections to flood the target computer with traffic that degrades its performance. Other attacks include SQL injection and application crashes, which can lead to denial of service, data corruption, and other issues that can cause sensitive information to be improperly transmitted across the network.