WEBVTT

00:00.260 --> 00:02.870
Welcome to the Knowledge Portal Video series.

00:03.020 --> 00:09.830
Today we are going to talk about one of the most awaited topics for the Web security, which is the

00:09.830 --> 00:11.300
Web application firewall.

00:13.050 --> 00:18.660
Now, generally when we talk about a web application, then web application in a very simple term is

00:18.660 --> 00:26.250
a software application which resides on a web server and which runs on a client browser.

00:26.580 --> 00:32.610
Now, if we take a look at a very simple web application, then login form can be considered as one.

00:33.300 --> 00:39.780
Now this is an example.com domain where there is a login form which interacts with the database.

00:39.930 --> 00:47.400
Now, whenever user wants to enter a website, user has to enter a username and password, which will

00:47.400 --> 00:48.600
be validated

00:49.450 --> 00:52.690
from the database and then the access is given.

00:53.140 --> 01:00.490
Then essentially the login form becomes a simple application which runs on a web browser.

01:02.600 --> 01:11.300
Now, generally the question comes is how can you protect a web application from hackers?

01:11.660 --> 01:15.050
Now looking at a simple firewall-based scenario,

01:16.280 --> 01:20.540
where you have a firewall at the perimeter of your server.

01:20.690 --> 01:26.390
But if we talk about traditional based firewall, then firewall can generally check the destination

01:26.390 --> 01:30.650
IP as well as destination port, as well as the source IP.

01:30.920 --> 01:39.980
It can also do rate limiting kind of stuff, but a traditional firewall cannot look into HTTP-based

01:39.980 --> 01:40.580
packets.

01:41.650 --> 01:50.500
Now, generally, as this is a web application, it is susceptible to lot of web application based hacking

01:50.500 --> 01:55.060
attempts, which a traditional firewall cannot detect.

01:56.610 --> 02:03.720
Now, if we take a look at a firewall versus a web application firewall, then traditionally the attacks,

02:03.720 --> 02:07.950
which are non-HTTP related, you can say something.

02:07.950 --> 02:13.740
Let's say, for example, brute forcing those kind of things can be protected with a firewall.

02:13.770 --> 02:17.190
Now, firewall can protect those kind of attacks.

02:17.640 --> 02:24.660
However, here, if we talk about HTTP-based attack, then a traditional firewall won't be able to protect

02:24.660 --> 02:30.720
it because it only mostly checks for the source IP as well as the destination port.

02:30.720 --> 02:32.610
It has nothing to do with the

02:33.890 --> 02:35.810
data related sections.

02:36.350 --> 02:41.150
And this is where the Web application firewall comes into the picture.

02:41.270 --> 02:49.490
Now, WAF or Web Application Firewall typically looks into the HTTP-based vectors to determine if the

02:49.490 --> 02:57.500
packet that has come is related to a hacking related activity or if it is related to the legitimate

02:57.530 --> 02:58.250
use.

03:00.940 --> 03:07.780
Now, generally in modern scenario, web applications are the weakest link, even though if you have

03:07.780 --> 03:15.550
a very strong firewall or a perimeter security, if your web application is not secure, then your

03:16.440 --> 03:18.120
server will be compromised.

03:18.270 --> 03:25.500
And most of the compromise attempts that have been happening, even for enterprises, is because of

03:25.500 --> 03:28.830
the Web application related vulnerabilities.

03:29.070 --> 03:36.990
And this is one of the reasons why having a web application firewall and having a strong web application

03:36.990 --> 03:42.510
without much vulnerabilities is one of the critical requirements in today's enterprise level

03:42.510 --> 03:43.770
security is concerned.

03:45.230 --> 03:53.510
Now, generally, if we talk about OWASP Top Ten, then mostly these are the web application attacks

03:53.510 --> 04:00.770
which are being targeted towards most of the web application related to enterprise as well as the SMEs.

04:01.990 --> 04:10.240
Now, let me show you an example on how a web application firewall should look like or is looking like

04:10.270 --> 04:11.380
as well as

04:12.420 --> 04:19.970
on how many web application related hacking attempts that actually happens in day to day activities.

04:19.970 --> 04:27.900
So if I do a pwd, I'm in /var/log/nginx and let me actually do an error less on error log one with grep,

04:28.110 --> 04:32.490
I'll say color learning and this.

04:32.790 --> 04:34.890
All of these are potential

04:37.080 --> 04:43.170
web application related attacks which are being targeted at our servers.

04:43.170 --> 04:49.260
So if you look at this is just a data of few days and there are so many attacks that are being targeted

04:49.410 --> 04:51.540
at the web application that are learning at

04:53.400 --> 04:54.260
our servers.

04:54.270 --> 05:00.150
So this is just the attacks that are being targeted towards small enterprises.

05:00.150 --> 05:05.190
But if you talk about bigger enterprises, then you literally have tens of thousands of attacks

05:05.190 --> 05:07.560
that take place every single day.

05:07.860 --> 05:13.020
And this is one of the reasons why you should actually protect your

05:13.860 --> 05:15.930
web application from such attacks.

05:16.110 --> 05:20.940
And one of the reasons to do is through a web application firewall.

05:21.820 --> 05:28.980
Now we'll be learning on how we can implement a web application firewall on Nginx in the next lecture.

05:28.990 --> 05:34.780
I hope you got the basic scenario on why a WAF is important in today's scenario.

05:36.120 --> 05:40.350
I hope this has been informative for you and I'd like to thank you for viewing.
