Web Application Firewall Overview - Dell SonicWall SRA 4200 Administrator's Manual

Web Application Firewall Overview

(Supported on Windows only.) This section provides an introduction to the Web Application
Firewall feature. This section contains the following topics:

"What is Web Application Firewall?" section on page 60
"Benefits of Web Application Firewall" section on page 62
"How Does Web Application Firewall Work?" section on page 63

What is Web Application Firewall?

Web Application Firewall is subscription-based software that runs on the Dell SonicWALL SRA
appliance and protects Web applications running on servers behind the SRA. Web Application
Firewall also provides real-time protection for resources such as HTTP(S) bookmarks, Citrix
bookmarks, offloaded Web applications, and the SRA management interface and user portal
that run on the Dell SonicWALL SRA appliance itself.

Web Application Firewall provides real-time protection against a whole suite of Web attacks
such as Cross-site scripting, SQL Injection, OS Command Injection, and many more. The top
ten vulnerabilities for Web applications are tracked by OWASP, an open source community that
focuses its efforts on improving the security of Web applications. Dell SonicWALL SRA Web
Application Firewall protects against these top ten, defined in 2007 as follows:

Table 9    OWASP Top Ten Vulnerabilities (Name, followed by Description)

A1 - Cross Site Scripting (XSS)
    XSS flaws occur whenever an application takes user supplied data and sends it to a
    Web browser without first validating or encoding that content. XSS allows attackers
    to execute scripts in the victim's browser which can hijack user sessions, deface
    Web sites, and possibly introduce worms.

A2 - Injection Flaws
    Injection flaws, particularly SQL injection, are common in Web applications.
    Injection occurs when user-supplied data is sent to an interpreter as part of a
    command or query. The attacker's hostile data tricks the interpreter into executing
    unintended commands or changing data.

A3 - Malicious File Execution
    Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile
    code and data, resulting in devastating attacks, such as total server compromise.
    Malicious file execution attacks affect PHP, XML and any framework which accepts
    filenames or files from users.

A4 - Insecure Direct Object Reference
    A direct object reference occurs when a developer exposes a reference to an internal
    implementation object, such as a file, directory, database record, or key, as a URL
    or form parameter. Attackers can manipulate those references to access other objects
    without authorization.

A5 - Cross Site Request Forgery (CSRF)
    A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request
    to a vulnerable Web application, which then forces the victim's browser to perform a
    hostile action to the benefit of the attacker. CSRF can be as powerful as the Web
    application that it attacks.

A6 - Information Leakage and Improper Error Handling
    Applications can unintentionally leak information about their configuration, internal
    workings, or violate privacy through a variety of application problems. Attackers use
    this weakness to steal sensitive data, or conduct more serious attacks.

60 | SRA 6.0 Administrator's Guide
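The A1 and A2 rows of Table 9 describe the same root cause: user-supplied data is handed to an interpreter (the browser, or the SQL engine) without being encoded or bound as data. The following Python is an added illustration, not code from the SRA Administrator's Guide or from Dell SonicWALL; it shows each pattern beside the application-side fix that a Web Application Firewall backstops rather than replaces. The function names, the in-memory user table, and all input strings are constructed for the example.

```python
"""Added example, not from the SRA Administrator's Guide: the A1 (XSS) and
A2 (Injection) rows of Table 9 shown as code. Each flaw appears as the
pattern the table describes (data handed to a browser or SQL interpreter
unencoded) beside the application-side fix. Names and data are constructed."""
import html
import sqlite3


def render_greeting_unsafe(name: str) -> str:
    """A1 pattern: user-supplied data is pasted into HTML without encoding,
    so any markup inside `name` reaches the browser as markup."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """A1 fix: HTML-encode the data first so the browser renders it as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory user table used by the A2 functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_role_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """A2 pattern: user data becomes part of the SQL text, so the SQL
    interpreter parses it as syntax rather than treating it as a value."""
    sql = f"SELECT role FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_role_safe(conn: sqlite3.Connection, username: str) -> list:
    """A2 fix: a parameterized query; the driver binds the value and the
    statement text never changes, whatever the input contains."""
    sql = "SELECT role FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def unsafe_query_is_confused_by(conn: sqlite3.Connection, username: str) -> bool:
    """True when the string-built query fails to parse for this input: the
    symptom that the data is being interpreted as part of the command."""
    try:
        lookup_role_unsafe(conn, username)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = demo_db()
    # A1: a constructed name that carries markup
    print(render_greeting_unsafe("<b>guest</b>"))  # markup survives
    print(render_greeting_safe("<b>guest</b>"))    # markup is encoded
    # A2: an ordinary surname with an apostrophe breaks the string-built query
    print(unsafe_query_is_confused_by(conn, "O'Brien"))  # True
    print(lookup_role_safe(conn, "O'Brien"))             # [] (no such user)
    print(lookup_role_safe(conn, "alice"))               # ['admin']
```

The apostrophe case is deliberate: an input that is not hostile at all already changes the meaning of the string-built statement, which is exactly the property an attacker's "hostile data" exploits in the A2 description. The parameterized version returns an empty result for the same input because the value is bound, not parsed.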
