Web Application Firewall

Beside Data Leakage Prevention, a Web Application Firewall enhances security by means of guarding from common web-based application threats.

In order to detect application-layer attacks (for example Injection, Cross-Site Scripting, Cross-Site Request Forgery or session/cookie-based flaws in general) and prevent them even before they reach the application itself, the HTTP-traffic (layer 7) gets interpreted and monitored. This allows checking requests (or at least responses) for suspicious activity or known weaknesses that have not been fixed by the maintainer so far on the basis of included signatures or custom rulesets.

This global approach as "Single Point of Detection", combined with a fine-grained control, ensures protection of several systems without the need of touching the existing applications and meets the PCI DSS requirements. The use of cookie- and URL-encryption improves the protection against several common threats once more significantly.

eMARA Web Application Firewall SQL Injection

The figure above shows that like normal firewalls, eMARA may block direct database access from outside. In addition, the Web Application Firewall feature allows eMARA to detect harmless-looking HTTP-Traffic that tries to fool the accessible web application in order to place the attack in its name. This SQL-Injection-scenario is only one single example under the plenitude of threats.

Comparison to Intrusion Detection

Often confused with and mistaken for an Intrusion Detection or -Prevention System, a Web Application Firewall provides security tailored for a web application's needs.

HTTPS inspectable
SSL offloading
Content Acceleration
Load Balancing
Authentication with Single Sign-On
CSRF protection ±
Session hijacking etc. protection
Request & response manipulation
Application-based logging/reporting