3 Reasons to use a WAF

Web application firewalls (WAFs) are an additional security layer that can be deployed to filter inbound traffic to web servers for malicious payloads and are a great defence when used as part of a secure system lifecycle.

It can be all too easy to deploy a WAF and assume it has mitigated attacks on your web application, but this isn’t always the case. WAFs provide a security layer, meaning they are not the all-in-one solution people often believe they are.

1. Common Threat Mitigation

Okay, this is an obvious one. Use a WAF as it was originally intended. Don’t be drawn in by marketing advice that may lead you to believe it’s infallible and an attacker will never defeat it, because they will.

Use a WAF as part of your secure system design and ensure you also conduct application code reviews where the applications are developed in-house, alongside regular application penetration testing.

2. Closed Source Applications

If the application source code cannot be reviewed, ask the vendor to provide an independent penetration test report and check how recently it was done.

This scenario is the strongest use case for a WAF, as it’s not possible to protect against vulnerabilities you have no oversight of. Third-party applications that have not undergone independent security reviews frequently contain vulnerabilities in the code that are simply obscured because it is closed source.

3. Compliance

With the General Data Protection Regulation (GDPR) impending and the existing Payment Card Industry (PCI) standards advising either source code review or a WAF for web applications, implementing a WAF may be the most cost-effective way to meet compliance requirements and demonstrate you have taken precautions with your web security by implementing appropriate security controls.

Whether you have a need to meet compliance requirements or are taking a pro-active approach to security, get in touch with us today to discuss your requirements and your options with our cyber security experts.