Web Application Firewalls

Revision with unchanged content. Web applications are not protected by today's network level firewalls, because they allow access to TCP port 80 without restrictions. However, many successful attacks today are not on the network level, but on application level. For protecting against application level attacks, a firewall must understand the application protocols, that are used on its open ports. This happens in application level firewalls and for Web application in Web application firewalls. The underlying concepts of Web application firewalls differ much from the concepts of traditional network level firewalls. This book explains the underlying concepts of Web application firewalls. Afterwards, they are applied to a collection of security requirements, that application developers should respect today for developing a secure Web application. A Web application firewall is capable of automatically implementing many of these requirements. As a result, Web application developers can ignore these requirements, because the Web applications firewall already ensures their implementation and therefore the security of the Web application. This book is intended for anyone, who is interested in securing his Web application.