Dell SMA 200 Administration Manual page 64


What is Web Application Firewall?
Web Application Firewall is subscription-based software that runs on the SMA/SRA appliance and protects Web
applications running on servers behind the appliance. It also provides real-time protection for resources that
run on the SMA/SRA appliance itself, such as HTTP(S) bookmarks, Citrix bookmarks, offloaded Web applications,
and the Secure Mobile Access management interface and user portal.
Web Application Firewall provides real-time protection against a broad range of Web attacks, such as cross-site
scripting, SQL injection, and OS command injection. The ten most critical Web application vulnerability classes
are tracked by OWASP, an open community that focuses its efforts on improving the security of Web applications.
Secure Mobile Access Web Application Firewall protects against these top ten (the 2007 edition of the OWASP
list), defined as follows. Note that a WAF inspects HTTP traffic in transit: categories that stem from how an
application stores data or manages credentials (for example A7 and A8) can only be partially mitigated at this
layer and still need to be fixed in the application itself.
Table 15. OWASP Top Ten Vulnerabilities

Name: A1 - Cross Site Scripting (XSS)
Description: XSS flaws occur whenever an application takes user supplied data and sends it to a Web browser
without first validating or encoding that content. XSS allows attackers to execute scripts in the victim's
browser which can hijack user sessions, deface Web sites, and possibly introduce worms.

Name: A2 - Injection Flaws
Description: Injection flaws, particularly SQL injection, are common in Web applications. Injection occurs when
user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks
the interpreter into executing unintended commands or changing data.

Name: A3 - Malicious File Execution
Description: Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data,
resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP,
XML and any framework which accepts filenames or files from users.

Name: A4 - Insecure Direct Object Reference
Description: A direct object reference occurs when a developer exposes a reference to an internal
implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers
can manipulate those references to access other objects without authorization.

Name: A5 - Cross Site Request Forgery (CSRF)
Description: A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a
vulnerable Web application that then forces the victim's browser to do a hostile action to the benefit of the
attacker. CSRF can be as powerful as the Web application that it attacks.

Name: A6 - Information Leakage and Improper Error Handling
Description: Applications can unintentionally leak information about their configuration, internal workings, or
violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data,
or conduct more serious attacks.

Name: A7 - Broken Authentication and Session Management
Description: Account credentials and session tokens are often not properly protected. Attackers compromise
passwords, keys, or authentication tokens to assume other users' identities.

Name: A8 - Insecure Cryptographic Storage
Description: Web applications rarely use cryptographic functions properly to protect data and credentials.
Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.

Name: A9 - Insecure Communications
Description: Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive
communications.

Name: A10 - Failure to Restrict URL Access
Description: Frequently, an application only protects sensitive functionality by preventing the display of links
or URLs to unauthorized users. Attackers can use this weakness to access and complete unauthorized operations
by accessing those URLs directly.
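The following worked example is added here to make four of the table's categories concrete; it is not code from the manual or from the Dell SonicWALL product. It shows, side by side, a vulnerable and a hardened implementation for A2 (SQL injection), A1 (XSS), A4 (insecure direct object reference) and A5 (CSRF), using a constructed in-memory SQLite database and hypothetical function names. The attack input that a WAF would be expected to block is shown succeeding against the vulnerable variant and failing against the hardened one.

```python
import html
import hmac
import secrets
import sqlite3


def make_db():
    """Constructed sample data (not from the manual): users and the documents they own."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "alice-secret"), ("bob", "bob-secret")])
    db.executemany("INSERT INTO documents (owner_id, body) VALUES (?, ?)",
                   [(1, "alice doc"), (2, "bob doc")])
    db.commit()
    return db


# A2 Injection Flaws: user data concatenated into the query becomes part of the command.
def lookup_secret_vulnerable(db, name):
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


# Hardened: a bound parameter is always treated as data, never as SQL syntax.
def lookup_secret_hardened(db, name):
    return [row[0] for row in db.execute("SELECT secret FROM users WHERE name = ?", (name,))]


# A1 XSS: user data written into HTML without encoding lets the browser run it as markup.
def render_greeting_vulnerable(name):
    return "<p>Hello, " + name + "</p>"


# Hardened: entity-encode the untrusted value for the HTML text context it lands in.
def render_greeting_hardened(name):
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# A4 Insecure Direct Object Reference: the record id comes straight from the request
# and ownership is never checked, so any logged-on user can read any document.
def get_document_vulnerable(db, document_id, current_user_id):
    row = db.execute("SELECT body FROM documents WHERE id = ?", (document_id,)).fetchone()
    return row[0] if row else None


# Hardened: the ownership check is part of the lookup, so a foreign id yields nothing.
def get_document_hardened(db, document_id, current_user_id):
    row = db.execute("SELECT body FROM documents WHERE id = ? AND owner_id = ?",
                     (document_id, current_user_id)).fetchone()
    return row[0] if row else None


# A5 CSRF: issue an unguessable per-session token and require it in every state-changing
# request; a forged cross-site request cannot read the victim's token, so it fails.
def issue_csrf_token():
    return secrets.token_urlsafe(32)


def verify_csrf(session_token, submitted_token):
    # Constant-time comparison avoids leaking the token through timing differences.
    return hmac.compare_digest(session_token, submitted_token or "")


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("SQLi vs vulnerable:", lookup_secret_vulnerable(db, payload))
    print("SQLi vs hardened:  ", lookup_secret_hardened(db, payload))
    print(render_greeting_vulnerable("<script>alert(1)</script>"))
    print(render_greeting_hardened("<script>alert(1)</script>"))
    print("IDOR vs vulnerable:", get_document_vulnerable(db, 2, current_user_id=1))
    print("IDOR vs hardened:  ", get_document_hardened(db, 2, current_user_id=1))
    token = issue_csrf_token()
    print("CSRF genuine:", verify_csrf(token, token), "forged:", verify_csrf(token, "guess"))
```

The injection payload returns every user's secret from the vulnerable query and nothing from the parameterized one; the script tag survives untouched in the vulnerable greeting and is encoded in the hardened one; and the document lookup only returns a record when the requesting user owns it. A WAF in front of this application can block the obvious payloads, but the hardened variants are what actually close the flaws.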
Dell SonicWALL Secure Mobile Access 8.5 Administration Guide, page 64

This manual also applies to: SMA 400, SRA 1600, SRA 4600, SMA 500v