What is a Web Application Firewall ?
A Web application firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. It prevents targeted attacks that include cross-site scripting, SQL injection, forceful browsing, cookie poisoning and invalid input.
it,s may be an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
How Hackers try to hack your Website :-
In first phase they try to find the vulnerabilities in your website with Vulnerability scanner tools like Nitko , WebVulScan , Acunetix Web Vulnerability Scanner etc. then they are using Havij SQL Injection Tool or other tool to hack into system, when they going to succeeded in their attack they finally launch the DDOS attack on the website to put it down. check my article How to Perform a DOS attack on a Website (LOIC Tool) .
How Web Application Application Firewall is Protecting your Website ?
Web Application Firewalls look at every request and response within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers. Web Application Firewalls look for signatures or for abnormal behavior that doesn’t fit the website’s normal traffic patterns. Web Application Firewalls can be either software or hardware appliances that are installed in front of a web server farm.
like in case of SQL injection WAF is matching against the SQL injection engine.
Top 10 Open Source Web Application Firewalls (WAF) :-
1. ModSecurity (Trustwave SpiderLabs)
2. AQTRONIX WebKnight
3. ESAPI WAF
4. WebCastellum
5. Binarysec
6. [email protected]
7. OpenWAF
8. Ironbee
9. Profense
10. Smoothwall
Web Application Application Firewall for WordPress Site :-
1. OSE Firewall 2. Wordfence 3. Better WP Security
Hope you like my post.What is a Web Application Firewall. Please Share with others.
