We recently added Web Application Firewall (WAF) to our portfolio of security technologies for our Custom and Agile Hosting platforms. A WAF is deployed to protect web-based applications or services from external malicious attacks. Unlike a network firewall which monitors general network activity, a WAF focuses on application-specific protocols such as HTTP, HTTPS, XML and SOAP to prevent applications from attacks, including malicious inputs, cross-site scripting, website information scraping, path traversal, tampering of protocol or session data, business logic and injection attacks.
Compliance with industry or government security requirements is one of the most common reasons why organizations deploy security services such as the Web Application Firewall (WAF). Section 6.6 of the Payment Card Industry’s Data Security Standard (PCI-DSS) requires a WAF to protect applications that process credit card data.
WAFs have also been deployed if an organization is unable to directly secure application code. This can happen for legacy applications where either the source code is not available, or the knowledge of how the application works has left the organization. Since secure software development life cycle (SDLC) can’t fix such a problem, a bolt-on application security solution such as a WAF can provide the required protection.
WAFs should not be confused with network firewalls, although both are part of a comprehensive Intrusion Detection Systems (IDS). Network firewalls are designed to protect against TCP/IP related network attacks, but are largely ineffective in protecting the application layer. Although all WAFs can be configured to monitor activity, most are used to block malicious requests before they reach the application; sometimes they are even used to return altered results to the requestor.
Internap’s WAF service includes Alert Logic’s Web Security ManagerTM, a dedicated physical appliance with a service component. Pricing is based on the amount of application traffic experienced, and current rate bands include 100, 250, 500 and 1,000 Mbps.
In addition to WAF, Internap provides a wide range of security and compliancy services, including:
- Vulnerability assessment
- Intrusion detection and prevention
- Managed network firewalls
- Anti-virus protection
- SSL certificates
- Log management
- Patch Management
- SOC 2 compliant data centers
Learn more about protecting your applications with Web App Firewall (WAF).