Every security-conscious web developer has heard of web application firewalls. Web Application Firewalls, or WAFs for short, help us fend off attacks directed at our web applications, and most of them are capable of protecting our web applications and related infrastructure from the risks that malicious parties commonly exploit. A good firewall will protect us from the following threats:
- Injection attacks, such as SQL injection (SQLi) and the like.
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- Insecure Direct Object Reference (IDOR) attacks.
- Sensitive Data Exposure attacks.
- Broken Access Control attacks.
- Security Misconfiguration attacks.
As you might have guessed from the list above, a good WAF will protect us from all, or at least a good chunk, of the vulnerabilities in the OWASP Top 10 list. In this blog, we will tell you what you should look out for when choosing a reliable web application firewall (WAF) provider.
How Stringent Do You Need Security to Be?
Before choosing a WAF, you need to evaluate your current security measures. If you are already considering a Web Application Firewall, chances are that the current security measures protecting your web application are not strong enough, and perhaps your web application has just suffered an attempted or successful data breach and you feel that you need more protection.
However, do keep in mind that not all firewalls are cut from the same cloth: some offer things that others do not. For example, some are capable of protecting your web application from the risks mentioned in the OWASP Top 10 list and at the same time protect you from DoS or DDoS attacks, while others are not. Some also protect you from a wider range of risks than others do. Some even offer whitepapers describing their security infrastructure and similar things, and reading such documents helps people who are not yet sure whether what they’re doing is right navigate the security world.
How is Your Application Built?
When you find yourself deciding on a firewall to use, you should also consider how your application is built in the first place. Things that may be at play here include the technologies that developers have used to build the application (some firewalls may not be compatible with certain programming languages), whether there’s a CDN in use or not, and whether you have used a WAF in the past. If you have, there are probably fewer things you will need to worry about in the future. On the other hand, if you haven’t and this is the first time you are using a security suite, you might need to do some more serious research.
After all, it all comes down to a balance between security and cost: if the cost of a web application firewall seems decent to you and the risks that it protects from seem adequately in line with the price, go for it! Since most web application firewall security vendors offer you a 30-day money-back guarantee, you don’t really have anything to lose. If you don’t like the product, most of the time you can get your money back without any worry.
Other Considerations In the Security Space
When choosing a web application firewall, chances are that you’re evaluating other products in the security space as well. Some of them might be related to access (think 2FA software solutions), some of them might protect your network from abuse, etc.
You might also be after software solutions that help you protect yourself or your employees. Such solutions can frequently be implemented into an existing web application infrastructure and work without doing any harm to its performance, security, or availability. One such solution is an API provided by BreachDirectory: the API will help you protect your employees and yourself from harm that might be caused by attackers attempting identity theft attacks. BreachDirectory does that in two ways: by offering a data breach search capability that is available to everyone, and by offering an API solution for those who are more serious about upping their security levels. The API offering is implemented into the infrastructures of companies across the globe in various sectors ranging from shopping, information security and law enforcement to education.
Summary
If you’re in the market for a web application firewall solution, make sure to carefully evaluate its capabilities and the upsides it provides to your web application, read the manuals available on the website of the company that makes the firewall, and make sure that the price you’re paying is consistent with the value you’re getting out of the firewall. After all that, make sure to give the BreachDirectory API a shot, and we’ll see you in the next blog!