A web application firewall’s job is to monitor and, if necessary, stop malicious or unwanted traffic to a web application, unlike a traditional network firewall, which only protects the network and transport layers. If your client only has a network firewall in place — and not a web application firewall — they can still be vulnerable to these types of cyberattacks:
1. Distributed Denial of Service (DDoS)
A DDoS attack is an attempt to flood a service with an excessive amount of traffic so that it becomes inaccessible to legitimate users. The Cloudflare blog describes a DDoS attack as “like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.” Cybercriminals can exploit a variety of device types, including Internet of Things (IoT) devices, to carry out an attack.
2. Zero-Day Exploits
Kaspersky explains that a zero-day exploit occurs on the same day that a software vulnerability is discovered: “Usually the program creators are quick to create a fix that improves program protection, however, sometimes hackers hear about the flaw first and are quick to exploit it. When this happens, there is little protection against an attack because the software flaw is so new.”
3. Cross-Site Scripting (XSS)
The Open Web Application Security Project (OWASP) defines cross-site scripting as “a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.” The cybercriminal sends malicious code, often browser-side script, to the user, and, if unprotected, the user’s browser has no way of knowing that the script shouldn’t be trusted and executes it. The malicious script can then access sensitive information or rewrite page content.
4. Cookie Poisoning
F5 explains that cookie poisoning is a type of cyberattack in which the cybercriminal manipulates a cookie before it is sent back to a server. The altered cookie may be used to bypass security controls or to steal sensitive information.
5. Web Scraping
Web scraping is a method of extracting specific information from a website, often so that the scraper can reuse it on their own sites. A web application firewall can prevent scripts or automated clients from extracting data from a website.
6. Web Parameter Tampering
OWASP explains that a web parameter tampering attack uses information stored in cookies, hidden fields or URL query strings to modify parameters such as user credentials, permissions, or prices. The cybercriminal may perform parameter tampering to exploit an application for their own benefit or to attack a third party with a man-in-the-middle attack.
7. Exploiting Buffer Overflow Vulnerabilities
A buffer overflow, or buffer overrun, according to Veracode, is a software coding mistake that occurs when more data is written to a buffer than it can hold, which causes the data to overflow into adjacent storage. A buffer overflow can create an entry point for a cyberattack, enabling a cybercriminal to overwrite part of the application’s memory.
8. SQL Injection
SQL injection is a type of cyberattack in which a malicious SQL query is inserted through application input, allowing the cybercriminal to read sensitive data, spoof identity, modify data, execute administrative operations, and sometimes issue commands to the operating system.
How Web Application Firewalls Protect Against These Types of Cyberattacks
Web application firewalls use a variety of techniques to defend against these cyberattacks. For example, they use attack data to maintain a current blacklist of known malicious sources, so known threats can be stopped. They can also employ artificial intelligence (AI) and machine learning to detect anomalies and flag suspicious behavior — even before the threat is blacklisted. A web application firewall can also block bad clients and traffic floods, which helps prevent DDoS attacks.
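As an added illustration of the three techniques just described (a blacklist of known-bad clients, pattern matching for attack classes from the list above, and blocking of traffic floods), here is a toy request filter in Python. It is example code written for this page, not any vendor's firewall; the client addresses, signatures, thresholds and sample requests are all constructed.

```python
import re
from collections import defaultdict, deque

# Hypothetical signatures for two attack classes the article lists (SQL injection, XSS);
# a production WAF uses far larger, vendor-maintained rule sets.
SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.*\bselect\b|'\s*or\s+\d+\s*=\s*\d+|;\s*drop\b"),
    "xss": re.compile(r"(?i)<script\b|javascript:|\bon\w+\s*="),
}

class MiniWAF:
    def __init__(self, blocklist, rate_limit=5, window=1.0):
        self.blocklist = set(blocklist)     # known-bad client addresses
        self.rate_limit = rate_limit        # requests allowed per client per window
        self.window = window                # sliding window length in seconds
        self.history = defaultdict(deque)   # client -> timestamps of recent requests

    def inspect(self, client_ip, params, now):
        """Return 'allow' or 'block:<reason>' for a single request."""
        # 1. Known threats: clients on the blocklist are dropped outright.
        if client_ip in self.blocklist:
            return "block:blocklist"
        # 2. Traffic floods: count this client's requests inside the sliding window.
        recent = self.history[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        recent.append(now)
        if len(recent) > self.rate_limit:
            return "block:rate_limit"
        # 3. Known attack patterns in the request parameters.
        for name, value in params.items():
            for kind, pattern in SIGNATURES.items():
                if pattern.search(value):
                    return f"block:{kind}:{name}"
        return "allow"

def run_demo():
    """Run constructed sample requests through the filter and return its decisions."""
    waf = MiniWAF(blocklist={"198.51.100.7"})
    requests = [
        ("203.0.113.5", {"q": "laptop"}, 0.00),                           # benign search
        ("203.0.113.5", {"id": "1' OR 1=1 --"}, 0.10),                    # SQL injection probe
        ("203.0.113.9", {"comment": "<script>alert(1)</script>"}, 0.20),  # XSS probe
        ("198.51.100.7", {"q": "hello"}, 0.30),                           # blocklisted client
    ]
    # One client sending seven requests within 70 ms: a small traffic flood.
    requests += [("203.0.113.42", {"q": "ping"}, 0.50 + i * 0.01) for i in range(7)]
    return [waf.inspect(ip, params, t) for ip, params, t in requests]
```

The flood check runs before signature matching so that a client hammering the service is cut off without spending parsing effort on each request; the sample flood yields five allowed requests followed by two rate-limit blocks.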
Without a web application firewall, your clients remain vulnerable to existing threats and are at a greater risk from new types of cyberattacks that cybercriminals continually develop.
For information on the capabilities of specific products that you can use to protect your clients, see our web application firewall product comparison.