What vWAF Does
Typical Attacks
Web applications are much less secure than you might imagine:
- Code or SQL queries can be smuggled in using form fields.
- Sessions of legitimate users can be hijacked.
- Phishing sites integrate individual parts of a web application, such as graphics and forms, or link back to the web application.
These are just a few examples. Also, it is a common myth that an insecure web application can’t result in harm if that web application is not processing any sensitive data itself, or if the application is not running any functions relating to security. One insecure web application endangers the security of your entire IT system because this web application can be used as the entry point to launch an attack.
In the event of a successful attack, for example, where addresses, bank details or credit card details of your customers fall into the hands of fraudsters, the damage and the loss of credibility are considerable. Much less in the public awareness, but no less frequent and no less consequential, are cases of industrial espionage.
vWAF Protects Your Web Applications
Standard IT security solutions, such as firewalls, do not offer adequate protection against attacks at the web application level.
The familiar, traditional IT security systems have been developed to protect communication on the transport level and – also for historical reasons – can’t check an HTTP request to any greater extent. This means that you have to let every HTTP request through, otherwise all communication would be blocked. Added to this is the fact that the variety of web script languages, application frameworks, and web technologies offered creates a virtually unlimited number of security gaps – the ideal starting position for hackers.
vWAF closes these gaps in security by directly protecting your web application itself. This protection can be modified specifically for the logic of your web application and protects not only against attacks, but also prohibits all undesirable traffic in general.
vWAF examines each incoming request before it reaches your web application. This means that vWAF ensures that possible attacks no longer get through to your web application in the first place. In the event that an attacker succeeds in obtaining security-related data, despite all the security measures in place, vWAF also analyzes all responses from your web application and, for example, deletes credit card numbers from that data even before the data leaves your server.
In addition to monitoring requests and responses, vWAF implements a separate session handling with cryptographically secure session IDs and separate cookie management.
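To show what separate session handling in front of an application looks like, here is an added example (not vWAF's implementation) of a proxy-side session store: the client only ever receives an opaque, randomly generated session ID in a hardened cookie, while the application's own cookies are held on the proxy and re-attached to outbound backend requests. The cookie name `WAFSESSID`, the lifetime, and the class and method names are assumptions for this example.

```python
import secrets
import time
from typing import Callable, Dict, List, Optional

SESSION_ID_BYTES = 32          # 256 bits from the OS CSPRNG (assumed size for this example)
SESSION_TTL_SECONDS = 1800     # idle lifetime before the proxy forgets the session
CLIENT_COOKIE_NAME = "WAFSESSID"   # assumed cookie name for this example


class ProxySessionStore:
    """Maps proxy-issued session IDs to the cookies the backend application set."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._sessions: Dict[str, dict] = {}

    def create(self) -> str:
        """Issue a new session with an unpredictable ID."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = {"expires": self._now() + SESSION_TTL_SECONDS,
                               "backend_cookies": {}}
        return sid

    def _get(self, sid: str) -> Optional[dict]:
        """Return the session record, dropping it if it has expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if rec["expires"] < self._now():
            del self._sessions[sid]
            return None
        rec["expires"] = self._now() + SESSION_TTL_SECONDS   # sliding expiry
        return rec

    def store_backend_cookies(self, sid: str, set_cookie_headers: List[str]) -> bool:
        """Capture Set-Cookie headers from the backend instead of forwarding them to the client."""
        rec = self._get(sid)
        if rec is None:
            return False
        for header in set_cookie_headers:
            name_value = header.split(";", 1)[0]
            name, _, value = name_value.partition("=")
            rec["backend_cookies"][name.strip()] = value.strip()
        return True

    def outbound_cookie_header(self, sid: str) -> Optional[str]:
        """Cookie header to attach to the backend request, or None if the session is invalid."""
        rec = self._get(sid)
        if rec is None:
            return None
        return "; ".join(f"{k}={v}" for k, v in rec["backend_cookies"].items())

    def client_set_cookie(self, sid: str) -> str:
        """The only cookie the browser ever sees: opaque ID, no backend cookie names or values."""
        return f"{CLIENT_COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    store = ProxySessionStore()
    sid = store.create()
    # Constructed backend response header for the demonstration.
    store.store_backend_cookies(sid, ["JSESSIONID=abc123; Path=/; HttpOnly"])
    print(store.client_set_cookie(sid))
    print(store.outbound_cookie_header(sid))
```

Because the backend session identifier never reaches the browser, a weakness in the application's own session ID generation cannot be exploited from the outside, and the proxy can enforce expiry and cookie attributes uniformly for every application behind it.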
vWAF itself runs invisibly without a separate IP address, and is therefore protected against direct attacks.
vWAF Detects Attacks
With the help of vWAF you can continuously evaluate and document what attacks have actually been carried out on your web application.
You can also use this to prove that you have met legal requirements, industry standards and service level agreements. Examples of this include the relevant laws on data protection, the German law on control and transparency (KonTraG), Basel II, MasterCard’s Payment Card Industry (PCI) Data Security Standard, or VISA’s Cardholder Information Security Program (CISP), which, when not observed, can involve very significant penalties.
Protection Mode Versus Detection Mode
You can use vWAF in two different modes.
- When in protection mode, vWAF both documents and repels attacks. Suspicious requests are denied and do not reach your web application in the first place.
- When in detection mode, vWAF just monitors your web application and documents all attempted attacks, but it does not interfere with any ongoing traffic.
You can set the modes independently for different web applications. While just monitoring one application you can fully protect another.
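The following added example (not vWAF's code) shows how per-application modes fit together with rule evaluation: every request is checked against the same rule set, every match is recorded, and only the application's mode decides whether a matching request is blocked or merely logged. The two toy rules, the `Request` and `Decision` types and the application names are constructed for this example; a real rule set is far larger.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed toy rule set for the example: (rule name, pattern applied to each parameter value).
RULES: List[Tuple[str, "re.Pattern"]] = [
    ("sqli-basic", re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?1'?\s*=\s*'?1)")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script\b")),
]


@dataclass
class Request:
    app: str                 # which protected application the request is for
    path: str
    params: Dict[str, str]   # decoded query/form parameters


@dataclass
class Decision:
    action: str              # "allow", "block" (protection mode) or "log" (detection mode)
    rule: Optional[str] = None


@dataclass
class Waf:
    modes: Dict[str, str]                       # app name -> "protection" | "detection"
    events: List[Tuple[str, str, str]] = field(default_factory=list)

    def _first_match(self, req: Request) -> Optional[str]:
        for name, pattern in RULES:
            for value in req.params.values():
                if pattern.search(value):
                    return name
        return None

    def handle(self, req: Request) -> Decision:
        rule = self._first_match(req)
        if rule is None:
            return Decision("allow")
        # Both modes document the attempt; only protection mode refuses the request.
        self.events.append((req.app, req.path, rule))
        if self.modes.get(req.app, "detection") == "protection":
            return Decision("block", rule)
        return Decision("log", rule)


if __name__ == "__main__":
    waf = Waf({"shop": "protection", "intranet": "detection"})
    # Constructed sample requests: one benign search, two that trip a rule.
    for req in (Request("shop", "/search", {"q": "red shoes"}),
                Request("shop", "/search", {"q": "' OR '1'='1"}),
                Request("intranet", "/wiki", {"title": "<script>"})):
        print(req.app, waf.handle(req))
    print(waf.events)
```

Running one application in detection mode while another is in protection mode is the usual way to tune rules: the event log from the monitored application shows which legitimate requests would have been blocked before the switch is made.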
Background Information
You can find detailed background information on the subject of Web Application Security in the appendix under the topics: