What is Web Application Security

Summary

Web application security is the process of protecting web applications from Internet threats. Traditionally, this is provided by a WAF: a web application firewall. (For more information, see What is a web application firewall? and How does a WAF work?)

What is a web application?

A web application is a client-server system that runs over the Internet, where the client is a web browser or native/mobile software.

In a traditional client-server system, client software communicates with server software, usually on separate physical devices. The two applications are tightly coupled in their design; changing or updating one of them often requires changing the other also.

In the early 1990s, “web” clients and servers became popular. (The name comes from Tim Berners-Lee’s 1990 proposal for a “WorldWideWeb” system of hyperlinked information.) The first websites were static; clients used browser software to interpret and display HTML documents that were stored on web servers.

Over time, websites became dynamic. In 1995, JavaScript was introduced: a client-side scripting language that allowed pages to be more interactive with their users. As Flash, Java, DHTML, and other technologies also became available, they extended the potential capabilities of a “web page.” Today, the most sophisticated pages are full-blown applications.

Therefore, a web application is a client-server system which runs over the Internet, using a web browser as the client. However, as mobile devices became widespread, software ecosystems arose for these platforms. Many of these mobile client applications use web protocols to communicate with their servers. Therefore, they are often considered to be web applications as well, even though a browser is not used.

The majority of Internet usage today involves web applications. Web application security has thus become a vitally important part of today’s Internet.

What is web application security?

As commercial activity on the Internet has continued to grow, so have the incentives for hostile activity and abuse.

Web applications can be vulnerable in a variety of ways. As the Internet has evolved, some of these have been mitigated. For example, thanks to the adoption of HTTPS as the default protocol for the majority of websites, MitM (Man in the Middle) attacks have become more difficult. 

However, web application servers are inherently difficult to secure. By their nature, they must accept incoming connections from clients. Therefore, servers must be able to distinguish legitimate clients from hostile clients, and to deny further access to those that are discovered to be hostile. A wide variety of malicious activities is possible; for example, see the list of the OWASP Top 10 Web Application Security Risks.

Some developers have tried to build security into their web applications, so that they include the ability to detect hostile activity within the requests that they receive. 

However, this approach has several major problems. First, it requires the application developers to be security experts (which is very unlikely in today’s complex threat environment). It’s also incompatible with modern development practices, which tend to favor small, independent services over large monolithic applications. 

Therefore, the most effective approach for web application security is for servers to run separate, dedicated security applications (such as AWS WAF) to filter and scrub incoming traffic. Modern threat actors are well-financed, tenacious, and sophisticated: therefore, a next-generation WAF is a crucial component of any web application system today.
