Web Application Firewall To Protect Against Web Application Vulnerabilities: A Survey and Comparison

The document surveys the use of Web Application Firewalls (WAFs) as a security solution to protect web applications from various vulnerabilities and attacks such as SQL injection and cross-site scripting. It discusses the effectiveness of different WAF technologies, including their ability to detect both known and unknown attacks through signature-based and normal behavior models. The proposed WAF aims to enhance security by combining these approaches to provide comprehensive protection against web application threats.


ISSN:2229-6093

Vaishali Malekar et al., Int. J. Computer Technology & Applications, Vol 4 (1), 141-144

Web Application Firewall to Protect Against Web Application Vulnerabilities: A Survey and Comparison

Vaishali Malekar
Department of Computer Science, SGGS, Nanded

Prof. J. M. Waghmare
Department of Computer Science, SGGS, Nanded

ABSTRACT

In recent years, web applications have become the number one source of vulnerabilities targeted by hackers. Although companies have traditionally used intrusion detection and prevention systems, which monitor the network in general, there is now widespread use of Web Application Firewalls as a security solution that monitors and protects only web applications. A web application is a software application that is accessed over the Internet using the HyperText Transfer Protocol (HTTP). In a typical web application a client, such as a browser, interacts with a web server by exchanging a series of messages made up of HTTP requests and responses. An attacker often exploits vulnerabilities that exist in a web application to launch attacks. The types of attacks against web applications include Cross-site Scripting (XSS), SQL injection and Cross-Site Request Forgery (CSRF) attacks. This paper proposes a Web Application Firewall to protect against known and unknown attacks.

Keywords - Web application, web application firewalls, web attacks, HTTP.

1. Introduction

Over the past few years, a clear trend has emerged within the information security landscape: web applications are under attack. The threats of web-based attacks from hackers are getting more frequent and more sophisticated. Every web application is at risk, from companies processing billions of dollars in credit card transactions to those processing very little.

Web application vulnerabilities can be attributed to many things, including poor input validation, insecure session management, improperly configured system settings and flaws in operating systems and web server software. Most attacks are "stealth-like": many companies do not even know they have been attacked. Cyber criminals are looking to obtain credit card information, social security numbers, addresses and other sensitive information while exploiting the vulnerability for as long as they remain undetected.

One technology that can help in securing a web application infrastructure is a web application firewall. A web application firewall (WAF) is an appliance or server application that watches HTTP/HTTPS conversations between a client browser and a web server at layer 7.

A web application firewall (WAF) protects a web application much in the same way a traditional firewall protects a network. It controls the input and output, as well as the access to and from the asset it is protecting. However, traditional network firewalls evaluate IP packets or protocols without any awareness of the application payload, so they cannot provide protection at the application layer. Without awareness of the HTML data payload, these layer 3 devices cannot recognize and overcome the types of application layer threats that make web applications vulnerable to attack. Attacks such as SQL injection, cross-site scripting or session hijacking, and many more, are aimed at vulnerabilities in the web application itself [3].

Web application firewalls are called "Deep Packet Inspection Firewalls" because they look at every request and response within the different service layers such as HTTP and HTTPS, whereas traditional firewalls usually block access to certain ports or filter by IP address [4].

2. Web Application Firewall

A Web Application Firewall is software or an application placed between the network firewall and

IJCTA | Jan-Feb 2013 141


Available online@www.ijcta.com

the web server. Some Web Application Firewalls look for certain 'attack signatures' to try to identify a specific attack that an intruder may be sending, while others look for abnormal behavior that does not fit the website's normal traffic patterns. A Web Application Firewall (WAF) is a security device that protects the web application and web application server from various attacks such as SQL Injection, cross site scripting, code injection, etc. A WAF protects a web application against detected vulnerabilities and prevents them from being exploited by attackers. Fig.1 shows the Web Application Firewall infrastructure.

WAFs are specifically designed to inspect HTTP(S) traffic and regulate data contained within headers, URL parameters, and web content. With a WAF in place, malicious hackers may target insecure websites, but attacks are intercepted and denied before reaching the custom web application code. WAFs at their core are designed to separate safe web traffic from malicious traffic before it is received by the website.

3. Web Application Firewalls To Secure Web Applications

3.1 Applicure DotDefender

Applicure dotDefender is a software-based Web Application Firewall which is installed as a web-server plug-in. It works cross-platform and supports Apache or Microsoft IIS web servers. It is also suitable for shared hosting environments, with central management capabilities. It uses a pattern recognition engine to detect actions that could indicate an attack, and a session protection engine to deal with session spoofing and denial of service attacks. It also ships with a signature database to detect known attacks. Its feature list is boosted by file upload protection, server masking and information leakage engines. Its pattern recognition and signature engines both support custom entries [6].

3.2 Armorlogic Profense Web Application Firewall

Profense operates as a reverse proxy, so traffic for a protected website is redirected through the Web Application Firewall. It provides features like preventing data leakage, checking for HTTP header compliance, cloaking and isolating web servers, validating sessions, protecting against CSRF attacks, and mitigating denial of service attacks [7].

3.3 Imperva SecureSphere Web Application Firewall

It can be deployed as a physical appliance, virtual appliance or as a managed service. It can also be deployed as a transparent bridge or as a reverse proxy. It provides features like ThreatRadar, which uses reputation data to help block malicious IP addresses, botnet attacks, phishing URLs and anonymous proxies. To protect web applications from threats it combines multiple security engines into a cohesive Web defense. It also integrates with web application vulnerability scanners to provide virtual patching capabilities [8].

3.4 FortiWeb Web Application Firewall

The FortiWeb web application firewall provides specialized, layered application threat protection. FortiWeb's integrated web application and XML firewalls protect web-based applications and internet-facing data from attack and data loss. The FortiWeb application firewall provides protection features for SQL Injection, XML Schema Poisoning, Cross-site Request Forgery, Cross-site Scripting and Information Leakage [9].

3.5 Barracuda Web Application Firewall

The Barracuda Web Application Firewall protects Web sites and Web applications from application vulnerabilities that could be used to instigate data theft, denial of service, or defacement of an organization's Web site. The Barracuda Web Application Firewall provides award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering and buffer overflows. The Barracuda application firewall provides protection features like SQL Injection, Cross-site Scripting, Cookie or Forms Tampering and Brute Force Protection [10].

3.6 SonicWall Web Application Firewall

SonicWall Web Application Firewall uses a dynamically updated signature database to detect sophisticated Web-based attacks and protect Web applications including SSL VPN portals. The SonicWall Web Application Firewall Service applies reverse proxy analysis of Layer 7 traffic against known signatures, denies access upon detecting Web application malware, and redirects users to an explanatory error page. The SonicWall application firewall supports features like Cross-site Request


Forgery protection, session management and information disclosure protection [11].

3.8 Citrix Web Application Firewall

The Citrix Application Web Application Firewall filters the requests as well as the responses, monitors them for evidence of malicious activity and blocks them if it exists. It supports features like preventing data loss and preventing unauthorized modifications to web sites, to stop access to sensitive information. It protects the web application from buffer overflow attacks, cookie security attacks and forceful browsing attacks [12].

4. The Proposed Web Application Firewall (WAF)

The proposed Web Application Firewall not only detects attacks that are known to occur in web application environments, it also detects and prevents new, unknown types of attacks. It supports two approaches to secure the web application. The first is the Signature Based Model and the second is the Normal Behavior Model.

The Signature Based Model defines all the attack patterns, or signatures, of known attacks which exploit weaknesses in system and application software. The Signature Based Model uses pattern matching techniques against a frequently updated database of attack signatures. It is useful for detecting known attacks but not new ones, whereas the Normal Behavior Model defines the normal behavior of the web application. This model uses rule based techniques or data mining techniques to detect unknown attacks without signatures.

Fig.2 shows the working of the proposed Web Application Firewall. The incoming HTTP request is compared with the signatures already stored in the database. If the request matches a signature, a specific error message is displayed and the request is blocked. Pattern matching techniques can be used to detect known attacks. If the request does not match any signature, it is compared with the Normal Behavior Model. If it matches, the request is forwarded to the web server. The web server sends the response back to the Web Application Firewall, which again compares it with the signature based model. If the response matches a signature, an error message is displayed; otherwise it is compared with the normal behavior model. If it matches the normal behavior, the response is forwarded to the user; otherwise an error message is displayed. Thus it protects against SQL injection, cross site scripting, buffer overflows, forceful browsing and various other kinds of attacks.

5. Comparison between the proposed WAF and the other Web Application Firewalls

Table No.1 Comparison of Proposed Web Application Firewall with Other WAFs

Sr. No. | Name of Web Application Firewall | Features
1 | Applicure DotDefender | Denial of Service threats; Cross site scripting; SQL Injection attacks; Path traversal
2 | Armorlogic Profense | Data leakage; Check for HTTP header compliance; Validate sessions; Protect against Cross Site Request Forgery attacks; Mitigate denial of service attacks
3 | Imperva SecureSphere | Cross site scripting attacks; Cross site Request Forgery attacks; SQL Injection; OWASP Top Ten attacks [12]
4 | FortiWeb | SQL Injection; XML Schema Poisoning; Cross-site request forgery; Cross-site scripting; Information Leakage
5 | Barracuda | SQL Injection; Cross-site scripting; Cookie or Forms Tampering; Brute Force Protection
6 | SonicWall | SQL Injection; Cross-site scripting; Cookie or Forms Tampering; Brute Force Protection
7 | Citrix | Buffer overflow attacks; Cookie security attacks; Forceful browsing attacks; SQL Injection attacks; Buffer overflow attacks
8 | Proposed Web Application Firewall | Path traversal; Cookie poisoning; Cross site scripting attacks; Data Theft protection; Information leakage; Forceful browsing; Session Hijacking; Incorrect input handling; Error Handling problem; Directory traversal; OWASP Top Ten attacks; Cookie security attacks

6. Conclusion And Future Scope

We studied various tools to protect against web application vulnerabilities. Web applications have a natural sensitivity to attacks. Attacks are easy to perform compared to network attacks. For this reason web attacks are very attractive for hackers. A Web Application Firewall can be a highly effective defense for blocking newly discovered vulnerabilities or previously successful attacks. So implementing a web application firewall is a great method to protect your application from web attacks.

The proposed tool is able to detect both known and unknown attacks that exploit the web application. It uses both the signature based model, in which all the attack patterns are already stored, and the normal behavior model, in which all the normal traffic that targets the web application is already stored in the database. Thus it can detect known attacks with signatures and also newer attacks without signatures. By watching for unusual or unexpected patterns in the traffic it can alert and defend against unknown attacks. If a user makes an illegitimate request to a web application protected by the Web Application Firewall, the request will never reach the application.

REFERENCES

[1] Dhanya Pramod, A study of various approaches to assess and provide web based application security, International Journal of Innovation, Management and Technology, 2(1), February 2011.
[2] Katkar Anjali S., Kulkarni Raj B., Web vulnerability detection and security mechanism, International Journal of Soft Computing and Engineering, 2(4), September 2012.
[3] Nilesh Kochare, B. B. Meshram, Tool to detect and prevent web attack, International Journal of Advanced Research in Computer Engineering and Technology, 1(4), June 2012.
[4] Web Application Security Consortium, "Web Application Firewall Evaluation Criteria, Version 1.0," http://www.webappsec.org/projects/wafec/, Jan. 2006.
[5] DotDefender Web Application Firewall, http://www.applicure.com.
[6] Profence Application Firewall, http://www.armorlogic.com/web-application-firewall.html.
[7] Securesphere Web Application Firewall, http://www.Imperva.com.
[8] Fortiweb Application Firewall, http://www.fortinet.com/products/fortiweb/index.html.
[9] Barracuda Application Firewall, http://www.barracudanetworks.com/ns/products/web-site-firewall.
[10] SonicWall Web Application Firewall, http://www.sonicwall.com.
[11] Citrix Web Application Firewall, www.citrix.com/appfirewall.
[12] OWASP Top Ten Attacks, http://www.owasp.org.
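The request and response flow of Section 4 (Fig. 2), as an added example that is not the paper's code: each request and each response is checked against a signature model first and then against a rule based normal behavior profile learned from known-good traffic. The signature patterns, the endpoint names and the training traffic are constructed for illustration.

```python
import re
# Added example, not the paper's code: the two-stage request/response filter of Section 4
# (Fig. 2). Stage 1 signatures are constructed, illustrative patterns for known attacks.
REQUEST_SIGNATURES = {
    "sql_injection": re.compile(r"'\s*or\s+'?\w+'?\s*=|union\s+select|;\s*drop\s", re.I),
    "xss": re.compile(r"<script\b|javascript:|on\w+\s*=", re.I),
    "path_traversal": re.compile(r"\.\./|%2e%2e%2f", re.I),
}
# Response-side signature: leaked error text a normal page should never contain.
RESPONSE_SIGNATURES = {"info_leak": re.compile(r"error in your SQL syntax|Traceback \(most recent")}
def signature_hit(signatures, text):
    return next((name for name, rx in signatures.items() if rx.search(text)), None)

class NormalBehaviorModel:
    """Stage 2, rule based: per endpoint, which parameters occur in known-good traffic,
    whether each is purely numeric, its longest seen length, and the normal status codes."""
    def __init__(self):
        self.profiles = {}      # path -> {param: [numeric_only, max_len]}
        self.statuses = set()
    def learn(self, path, params, status=200):
        prof = self.profiles.setdefault(path, {})
        for name, value in params.items():
            numeric, max_len = prof.get(name, [True, 0])
            prof[name] = [numeric and value.isdigit(), max(max_len, len(value))]
        self.statuses.add(status)
    def is_normal_request(self, path, params):
        prof = self.profiles.get(path)
        if prof is None:               # endpoint never seen in normal traffic
            return False
        for name, value in params.items():
            if name not in prof:       # unexpected parameter
                return False
            numeric, max_len = prof[name]
            if (numeric and not value.isdigit()) or len(value) > 2 * max_len:
                return False
        return True

def inspect_request(model, path, params):
    """Fig. 2, request side: block on a known signature, then on abnormal behavior."""
    hit = signature_hit(REQUEST_SIGNATURES, path + " " + " ".join(params.values()))
    if hit:
        return ("block", "known attack: " + hit)
    return ("forward", "ok") if model.is_normal_request(path, params) else ("block", "abnormal request")

def inspect_response(model, status, body):
    """Fig. 2, response side: signature check first, then the normal-behavior (status) check."""
    hit = signature_hit(RESPONSE_SIGNATURES, body)
    if hit:
        return ("block", "known attack: " + hit)
    return ("forward", "ok") if status in model.statuses else ("block", "abnormal response")
```

Anything the normal behavior model has never seen (a new endpoint, an unexpected parameter, a non-numeric value where only numbers were learned) is blocked, which is how unknown attacks are caught and also why the profile must be learned from clean traffic only.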
