Research Essay

2577 Words | Nov 7, 2014 | 11 Pages
Web Application Firewalls: Defense in Depth for Your Web Infrastructure

By Jim Beechey - March 2009

I. Introduction

Over the past few years, a clear trend has emerged within the information security landscape; web applications are under attack. “Web applications continue to be a prime vector of attack for criminals, and the trend shows no sign of abating; attackers increasingly shun network attacks for cross-site scripting, SQL injection, and many other infiltration techniques aimed at the application layer.” (Sarwate, 2008) Web application vulnerabilities can be attributed to many things including poor input validation, insecure session management, improperly configured system settings and flaws in operating systems and web server software.

Certainly writing secure code is the most effective method for minimizing web application vulnerabilities. However, writing secure code is much easier said than done and involves several key issues. First of all, many organizations do not have the staff or budget required to do full code reviews in order to catch errors. Second, pressure to deliver web applications quickly can cause errors and encourage less secure development practices. Third, while products used to analyze web applications are getting better, there is still a large portion of the job that must be done manually and is susceptible to human error.

Securing an organization’s web infrastructure takes a defense in depth approach and must include input from various areas of IT including the web development, operations, infrastructure, and security teams. One technology that can help in the security of a web application infrastructure is a web application firewall. A web application firewall (WAF) is an appliance or server application that watches HTTP/HTTPS conversations between a client browser and web server at layer 7. The WAF then has the ability
