
Your web applications – whether programmed in-house or purchased, whether local or in the cloud – should be protected by a web application firewall (WAF). What special features need to be considered when introducing a WAF and why doesn’t an off-the-shelf installation do the trick?

Application security: only customised solutions will get you there

No organisation can do without web applications – applications that run on web servers rather than on users’ local end devices. When protecting these applications with a web application firewall (WAF), it doesn’t matter whether you program the web apps in-house, buy them in, run them in your own data centre or with a cloud hoster: a WAF only provides effective protection if it is customised to the respective application or middleware.

The WAF must be told where input forms are located, how users navigate through the pages and where data is input or output. Only with this knowledge can it prevent, for example, SQL injections or unauthorised deep links to pages with sensitive content. To minimise the number of false-positive log entries, only the detection patterns that match the respective environment should be activated.

WAFs are now so powerful and complex that simply installing them provides almost no added value. On the contrary, if the WAF’s integrated learning mode is used incorrectly before commissioning, the web application firewall is likely to end up in pass-through mode in real operation, letting everything through.

Specialised knowledge required – ensec delivers

If you entrust ensec with the integration of a WAF to protect your web apps, you are safe from such fatal configuration errors. We have years of experience in dealing with WAFs and parameterise the web application firewall based on the actual protection requirements of your particular environment – a truly customised solution. We are also aware of the strengths and weaknesses of our partners’ solutions and will point out any limitations if necessary.

Our specialists can also help you decide whether you are better off with a whitelist (allowlist) or a blacklist (denylist) approach. The former requires the aforementioned specific customisation of the WAF to your application: only requests that match the known profile of the application are let through. A blacklist allows all data traffic through to the application and only filters out patterns that are known to be malicious. Our experts will work with you to determine which of the two approaches suits your situation.
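As an added illustration of the two approaches described above (an allowlist profile tailored to the application versus a generic denylist of known-bad patterns), the following Python is example code written for this page; it is not ensec’s code and not the rule language of any WAF product. The endpoints, parameter patterns, signatures and sample requests are all constructed. It shows why a generic denylist lets an unknown deep link through and raises false positives on legitimate input, while the allowlist only accepts what the WAF has been told about.

```python
import re
from dataclasses import dataclass


@dataclass
class Request:
    """Minimal constructed model of an HTTP request as a WAF sees it."""
    method: str
    path: str
    params: dict


# Positive security model (allowlist): the application profile the WAF has been
# given. Every known endpoint lists its expected parameters and their format.
# All values here are hypothetical and stand in for a real application's profile.
ALLOWLIST = {
    ("GET", "/login"): {},
    ("POST", "/login"): {"user": r"[a-z0-9._-]{1,64}", "pass": r".{8,128}"},
    ("GET", "/account"): {"id": r"\d{1,10}"},
    ("GET", "/search"): {"q": r"[\w .,-]{1,100}"},
}

# Negative security model (denylist): generic signatures of known-bad input.
# Everything that matches none of them is allowed through.
DENYLIST = [re.compile(p, re.IGNORECASE) for p in (
    r"'\s*or\s+1\s*=\s*1",
    r"union\s+select",
    r"<script\b",
)]


def allowlist_decision(req):
    """Allow only requests that fit the application profile; return (verdict, reason)."""
    spec = ALLOWLIST.get((req.method, req.path))
    if spec is None:
        return "block", "unknown endpoint (deep link not in profile)"
    for name, value in req.params.items():
        pattern = spec.get(name)
        if pattern is None:
            return "block", f"unexpected parameter {name!r}"
        if not re.fullmatch(pattern, value):
            return "block", f"parameter {name!r} fails format check"
    return "allow", "matches application profile"


def denylist_decision(req):
    """Block only requests containing a known-bad signature; return (verdict, reason)."""
    for value in [req.path, *req.params.values()]:
        for sig in DENYLIST:
            if sig.search(value):
                return "block", f"matched signature {sig.pattern!r}"
    return "allow", "no known-bad pattern found"


def evaluate(req):
    """Run both policies on one request and return just the verdicts."""
    return {
        "allowlist": allowlist_decision(req)[0],
        "denylist": denylist_decision(req)[0],
    }


# Constructed sample traffic covering the cases discussed in the text.
SAMPLE_REQUESTS = {
    "normal_login": Request("POST", "/login", {"user": "alice", "pass": "correct horse battery"}),
    "deep_link": Request("GET", "/admin/export", {}),
    "injection_login": Request("POST", "/login", {"user": "' or 1=1 --", "pass": "xxxxxxxx"}),
    "legit_search": Request("GET", "/search", {"q": "union select committee"}),
    "bad_id": Request("GET", "/account", {"id": "12abc"}),
}


def run_samples():
    """Evaluate every sample request under both policies."""
    return {name: evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, verdicts in run_samples().items():
        print(f"{name:16} allowlist={verdicts['allowlist']:5} denylist={verdicts['denylist']}")
```

The deep link to an unprofiled endpoint and the malformed account id pass the denylist untouched, because no signature fires, while the allowlist rejects both. Conversely the harmless search term trips the generic `union select` signature, a false positive of exactly the kind the text warns about, whereas the tailored allowlist accepts it. The price of the allowlist is that the profile must be complete and kept current; a new form or parameter the WAF has not been told about is blocked until it is added.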

On request, we can also connect the WAFs and load balancers configured by us to your containerised environments (Red Hat OpenShift, Kubernetes) so that their traffic is controlled by the WAF as well. As these environments are very dynamic and new entry and exit points appear constantly, the corresponding rules must be created automatically. We set the course for this.

Only those who are known get in

A useful addition to a web application firewall is the authentication of users before accessing the respective web app. A single sign-on portal only forwards known users to the respective applications. Since only authenticated requests get through to the actual application, numerous attacks can be nipped in the bud. Such a solution can obtain information about users from an Active Directory or another user management system.

Outsourcing login processes to a uniform portal also helps to standardise authentication and integrate multi-factor login procedures. Instead of configuring each individual web application, it is only necessary to set up the login portal accordingly.

Application Security in Detail

Web Application Firewall

Protects web applications from attacks. It monitors and filters all HTTP traffic to and from the applications. Malicious input/output is blocked.

Access Policy Management Portal

Secure user access to applications and data, regardless of where the connection is made from, from which device and by what means.

From a business perspective

Not just for the auditor’s sake.

Since the GDPR came into force, companies in all sectors have had to prove that they have implemented all the necessary protective measures following a data incident. This has long applied to more heavily regulated sectors such as banks.

If you operate web applications, a web application firewall (WAF) is one of these protective measures. Without a WAF, you are acting negligently from the perspective of the data protection authorities. However, a WAF configured by us not only helps to appease auditors. It also reduces or prevents the loss of revenue that could result from denial-of-service attacks on your applications.

May we personally provide you with arguments in favour of ensec? Please contact us.

Or give us a call:

+41 44 711 11 44