What is a Web Application Firewall (WAF)?
Ғылым және технология
Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. Today, threat vectors are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks...a traditional network firewall would never stop these attacks. But, nonetheless, your application would still go down if/when it gets hit by one of these. It's important to defend your network with more than just a traditional Layer 3-4 firewall. That's where a Web Application Firewall (WAF) comes in. In this video, John outlines what a WAF is and why your web application needs one.
community.f5.com/articles/lig...
Пікірлер: 151
I would also add that the reason to have WAFs is it's faster to adjust firewalls than rewrite an application. If your application has a security flaw, adjusting the firewall to "cover" that "weak spot" so to speak is much easier than fundamentally changing the architecture of your app. As humans we strive for perfection, that's why we have secure code standards and such. But the chase for perfection is without end and the app ultimately needs to be deployed, to perform its function, so it's much more productive to design safe apps to the best of your abilities while being efficient and use WAFs as a frontline defense.
@brianchappel4187
11 ай бұрын
Love this comment.
can we just take a moment to appreciate the crazy vizual. You're writing on a glass board (or so it appears) while looking at the cam and it's legibal as we see it in the direct your write which should be mirror reflected. It should look backwards... Great job Cam crew, good job John.
@devcentral
2 жыл бұрын
Thanks for the comment and here's the Behind the Scenes for our Lightboards: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@DGonz0-
2 жыл бұрын
@@devcentral 👌 Awesome!... I thought John was in boxers for a second... 😆🤣
I like this. Being non-tech, i was grappling with the concept. The visual presentation here and the back-to-basics kind of instruction are exactly what i need. THANK YOU👍
@devcentral
3 жыл бұрын
glad you enjoyed it!
@frankcasseus1271
Жыл бұрын
AGREED!!!
Great explanation!!! Thank you for your effort.
Great presenter. very simply to follow and easy to listen to.
@devcentral
Жыл бұрын
Glad you lied it and thanks for the comment!
Very well explained... thank you!
I concur with Trevor you present very well and helps "owning the content"✨👍 Sometimes network forensics and security can seem like Romulan..
@devcentral
3 жыл бұрын
glad you enjoyed it!
Well explained, thank you!
@devcentral
4 жыл бұрын
glad you enjoyed it!
This is so amazing! What a great resource :)
@devcentral
6 жыл бұрын
glad you enjoy the videos!
Lovely... Thankyou very much.. Due to your excellent presentation will start my journey to security from today
@devcentral
3 жыл бұрын
I'm glad you enjoyed the video!
Amazing explanation!Thanks.
@devcentral
4 жыл бұрын
glad you enjoyed it!
very simple and to the point video
@devcentral
2 жыл бұрын
Glad you enjoyed it!
You are a great speaker man.
@devcentral
2 жыл бұрын
Appreciate the comment!
Great video !!!! Clear explain thank you
@devcentral
4 жыл бұрын
I'm glad you enjoyed it!
Awesome explanation! Keep up the great work.
@devcentral
5 жыл бұрын
glad you enjoyed it!
I am happy about finding this awesome tutorial, thanks a lot
@devcentral
2 жыл бұрын
Glad you enjoyed it!
"ack el" that's the first time I have heard ACL pronounced like that :D
Good content and clear explanation, liked and subscribed, keep them bringing
@devcentral
3 жыл бұрын
glad you enjoyed it!
man just started writing mirror alphabets.... he's in different league 🔥
@psilvas
2 жыл бұрын
this is how we do the Lightboard Lessons: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@_lost._.zeny_
2 жыл бұрын
@@psilvas damn!!
Great explanation !
@devcentral
Жыл бұрын
Glad you liked it! And, thanks for the comment!
Really good explanation. Thanks a lot
@devcentral
3 жыл бұрын
glad you enjoyed it!
thank you !! you're a great teacher :)
@devcentral
3 жыл бұрын
Thanks Trevor...glad you enjoyed the video!
Thank you very much for this video.
@devcentral
Жыл бұрын
...and, thank you for the comment! Glad you enjoyed the video!
Great explanation! Thank you Quick question, in general, can WAFs protect against LDAP injections as well?
@devcentral
2 жыл бұрын
Hi and thanks for the comment!. The primary defense against LDAP injection is proper input validation and a (competent) WAF should be able to do that.
Awesome explanation
@devcentral
5 жыл бұрын
glad you enjoyed it!
@princeprincejohlan9624
4 жыл бұрын
Hi
Super video.Thank you.
@devcentral
3 жыл бұрын
glad you enjoyed it!
awesome explanation!!!
@devcentral
3 жыл бұрын
Glad you enjoyed it!
This is good, but you compared a legacy firewall to a WAF, but what about a Next-gen firewall? Next-Gen firewall does Layer 7/Deep packet inspection, so why would I need a WAF if I had a Next-Gen for example? What does the WAF inspect that the Next-Gen doesn't, especially when both can inspect HTTPs? Thank you!
@victorparlindungan5659
5 жыл бұрын
signatures and constraint. Some NGFW have embeded WAF software, but the differences between that WAF and "the real WAF" is the real WAF can do SSL-offload, and it have much deeper settings on signature (i think that focus on 10 OWASP)
it would be nice if there were subtitles!
@bibaq4923
3 жыл бұрын
agree with u!!!
@devcentral
3 жыл бұрын
We'll see what we can do about that and appreciate the comment.
@redareda-yb9vu
11 ай бұрын
😂😂😂😂😂😂 0:31
@redareda-yb9vu
11 ай бұрын
😂😂😂😂😂😂 0:36
@redareda-yb9vu
11 ай бұрын
😂😂😂😂😂😂 0:45 😅
Backward writing understood but did you design the tshirt with mirror images as well?
@psilvas
3 жыл бұрын
Hi. We had shirts made with the logos reversed. :-)
Highness of your writing skills.....lefty smoothly write
Great Video, easy to understand. Question, if you only have Web Apps in the cloud, no infrastructure, would deploying a Firewall in front of the WAF be of any use or would this add complexity and new costs?
@devcentral
2 жыл бұрын
Well, a WAF generally focuses on http(s) (80/443) traffic so there ight be instances where you'd want a Network Firewall (layer 3 - tcp/udp) to protect that traffic. Some WAFs have network security features and much depends on your infrastructure and where the WAF resides within the network. I know that's not a definitive answer but like with many infrastructure questions, it depends. :-)
I would have liked to see a couple of details about how it works out. Show code/details on how a specific attack is blocked. I see the WAF as being valuable to quickly block off things that are learned until the application can be changed. That seems to go against what I see in the field though, since those who use a WAF often lack the commitment to go fix the core problem in the app later. That is surprising on the one hand, but not when leadership tendencies are considered.
El tema es que los firewalls tradicionales ya no se utilizan y fueron reemplazados por los NGFW que trabajan en la capa de aplicaciones... ¿como compararías un WAF vs NGFW?.. Saludos!
I hope I will get judgement about this..tnk u very much..
Great...thanks a lot..😊😊
@devcentral
4 жыл бұрын
glad you enjoyed it!
How would you integrate a waf with a typical n/w firewall?? What would be the typical packet flow in that case between the clients and the web app servers?
@devcentral
6 жыл бұрын
Here's a good lightboard lesson on the "life of a packet" through the BIG-IP. it doesn't explicitly cover everything you asked, but it can provide additional perspective. and, the answer from Blood Sausage is a good one as well!! kzread.info/dash/bejne/o3eAp9luqKzAZ9Y.html
@SajidKhan-dy2dk
5 жыл бұрын
Tamir Zuhair
Gud work
Hi John. Great video. What about the behavior of a WAF with HTTPS? Does it work properly without SSL inspection or does it need an open traffic? Tnks.
@devcentral
2 жыл бұрын
Generally it does need to terminate and decrypt the traffic to inspect the data. However, if an organization want to send encrypted traffic direct to the server, a WAF can pass that through if configured to do so. Does that answer your question?
@wramarante
2 жыл бұрын
@@devcentral yes, it does. The F5 WAF has built-in stuff to decrypt the traffic before evaluating the data or it requires a separate tool like F5 SSLO?
@devcentral
2 жыл бұрын
@@wramarante The WAF can decrypt. SSL Orchestrator can too depending on your infrastructure.
thats great, but how can we know over the network before log activity, whether the user is going to to do un-authorize or authorize activity in the web application
@devcentral
4 жыл бұрын
Hi Fawad, thanks for the question. When a user requests a web application, you don't immediately know if they are trying to do something good or bad. This is where the Web Application Firewall comes in and inspects each request and ensures it is a safe request (based on all the signatures of the WAF and the protection capabilities it has), and then only allows the request through if it passes the security checks of the WAF. If the WAF finds something unsafe in the request, then it blocks the request from accessing your web application. It does this for every single request, so even if a user gets logs in properly and then (once they are in) starts to do some bad stuff, the WAF will block as soon as the bad stuff starts happening. I hope this helps...thanks!
@fawadkhan8905
4 жыл бұрын
F5 DevCentral thank you great insight
Love your videos guys! Would basic WAF theory like this still be relevant in 2022? I know a lot of knowledge in IT Security changes day by day!
@devcentral
2 жыл бұрын
We think so but WAFs are moving more toward WAAP - Web Application & API Protection. So, still protecting websites plus, API calls. Hope that helps!
@HD_Heresy
2 жыл бұрын
Oh WAAP sounds interesting! Look forward to your lightboard lesson on that one day!
How is he writing backwards? It's hard to stay focused because it's too cool
@devcentral
6 жыл бұрын
Thanks for the note! You can see how we do these here: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@grom3852
6 жыл бұрын
Lol, ya there's some video showing how its all done, but don't watch it cause it's so awesome without! lol ;)
@chrishoward1983able
5 жыл бұрын
i agree, i'm in awe....
@bekirkatranci
5 жыл бұрын
I was about to figure it myself then I saw the t-shirt chest label, fooled myself and said "nah, he must be really writing backwards". So, that's backwards, too? If so, nice touch!
@tareeko
4 жыл бұрын
It's even cooler that they printed a flipped logo on his polo shirt.
Do you have plans to produce a Lightboard for 'Advanced WAF' in the near future?
@devcentral
6 жыл бұрын
yes we do! stay tuned...it's coming out in the next couple of weeks
@devcentral
6 жыл бұрын
Here's the Advanced WAF Lightboard: kzread.info/dash/bejne/enaWpq17hpe3h5M.html
Hi, i got two small questions: First how is a WAF setup? Is there a physical instance ahead of the web apps within my network? seconly how does the detection work, is it able to work with complex machine learning models or is the detection of for example XSS signature based? Other than that great video, thanks :)
@aubreyking3685
Жыл бұрын
WAF can be set up in many different configurations. Most common, historically, is to have an appliance in front of applications. The WAF can be a proxy, itself, or scaled horizontally in front of the app being defended. With modern attacks, most customers are shifting to a multi-layered WAF approach, with Distributed Cloud WAAP taking out signature based attacks before a packet even reaches the data center. Inside the data center, AWAF profiles the applications on a per-uri basis, right down to which unicode characters are allowed! It understands what the expected request and response time are for every element on every uri in your app. Some customers also employ NGINX+ w/ Application Protection to proxy in small environments or even to profile East-West inside an application environment that exists underneath the traditional load balancer / WAF or cloud WAF that is northbound in flow. Great question! Thanks for watching!
Well Explained
Isn't this supposed to be handled in the l7 reverse proxy ?
Are there hardware WAF’s you can buy of is this something you have to download or program in?
@JasonRahm
4 жыл бұрын
F5's WAF is available in many difference packages, you can reference here: www.f5.com/products/security/advanced-waf.
thank you
@devcentral
2 жыл бұрын
Glad you enjoyed the video!
Just want to know is this support for web site security , block sql injection and other attacks
@devcentral
2 жыл бұрын
Yes, a WAF (if properly configured) can mitigate those types of attacks.
@sisitharupasingha17
2 жыл бұрын
@@devcentral can you suggest any service for hostgater cpannel
writing backwards?
@wilcosec
3 жыл бұрын
camera is facing a mirror
Are you left handed?? Do you write in lateral inverted style?? Is your T-shirt having an inverted text ??
@devcentral
Жыл бұрын
We made a video to explain it all :) kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@habukproductions6966
Жыл бұрын
Ahh!! The Tshirt has inverted text
I like his reversed logo shirt
@deathstroke2341
3 жыл бұрын
he is writing with his right hand actually
When he's talking about layers 3 and 4, is he referencing the OSI model?
@devcentral
3 жыл бұрын
Yes he is. thanks for the comment!!
@alicynwonderland6499
3 жыл бұрын
@@devcentral Thanks for the quick reply!
thanks
@devcentral
2 жыл бұрын
We appreciate the comment!
What are you using for writing like this?
@psilvas
3 жыл бұрын
You can see how we do this: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
My certificate is been used by one company and made server so how could u help me regarding this
Great video - but I have a question. Is he writing backwards? Or is the video just reversed? It's magic!
@devcentral
2 жыл бұрын
Thanks for the comment! One we get often. ;-) Here's how we produce these: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@marcrtaylor
2 жыл бұрын
@@devcentral thanks! I guessed right! Its really effective!
can WAF inspect Encrypted/HTTPS traffic too ?
@psilvas
4 жыл бұрын
it can, as long as the SSL terminates on the WAF and is decrypted, it can inspect that traffic.
Great explanation, but the WAF features you mentioned can also be handled by an NGFW (upto layer 7) as opposed traditional network firewalls (layer3-4). I was hoping you throw a light on the real difference between an NGFW and a WAF.
@jayanarayanankodothputhiya9465
4 жыл бұрын
As I understand NGFW is a package comprising of WAF and IPS/IDS capabilities on a traditional firewall. It is a cost effective solution for SME. At the same time they are prone to single point of failure, having all those features in a single box. For large enterprises, they use separate devices to protect their infrastructure, insuring different layers fo security,
You comparing WAF VS very old firewall ! You should compared with NG firewalls.
@devcentral
4 жыл бұрын
Thanks for the comment! It's true that firewalls have come a long way in recent days/years. This video is showing the difference between a WAF and some of the older network firewalls. It's important to have the security functionality discussed in the video, so if a newer firewall can get it done, that's great!
inverted writing technique?
@devcentral
Жыл бұрын
Behind the Scenes: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
Qgm group LLC,is made server using my ISO, finger print,headscan, so what security is given by the government, or security Buro
Dude is Davinci writing with left hand backwards
@devcentral
Жыл бұрын
thanks for the comment and this is how we produce these: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
firewall takes care only layer3-4, that is in stone age.
i want this chinese vision
não entendi nada
you are SO cute.
@kalkalasch
4 жыл бұрын
i bet you'd like to flood some of his ports with http requests but i am sure he's employing an intrusion prevention system
FLE HOUSE HAS FOUND ITS NEW HOST.
This video is filled with filler, and technical jargon. I bet 90% of viewers still don't understand what a WAF does.
Yang milih allah like 800 ya yang milih dajal abaikan saja
Shirt blends it with background and arms appear independent of body. Makes hard to focus.
Great explanation ! Thank you ...
@devcentral
4 жыл бұрын
glad you enjoyed it!