Web Application Server Firewall and Interactive Virtual Patching

A Web Application Server Firewall (WASF) is a firewall deployed inside a Web application server, such as Tomcat or WebSphere Application Server, to filter suspicious and malicious requests and thereby protect the applications running on that server. In this article we focus on two key features of a WASF, called the WASP: (1) Hierarchical Rule Development (HRD) and (2) Interactive Virtual Patching (IVP). We have developed a novel fine-grained hierarchical rule schema for protecting Web applications. The schema supports a number of features, including URI templates and RESTful requests. To make firewall rules easier to develop and deploy, we have implemented a Rule Development Tool (RDT) that provides capabilities for developing rules, searching for similar rules, analyzing conflicts among rules, and transforming rules from one format to another. The RDT also lets application developers and security administrators interactively apply virtual patches to vulnerable applications: it can semi-automatically generate rules by importing application context for RESTful requests and by searching for existing rules that protect against similar vulnerabilities.
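As an added illustration (not code from the report or the WASP project), the toy Python rule engine below shows the two ideas the abstract names: hierarchical rules keyed by URI templates, where the most specific matching template decides, and a conflict check over rules that cover the same URI shape. The rule format, field names and sample rules are constructed assumptions; the report's actual schema is not shown on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed rule format (assumption): a rule binds an HTTP method and a URI
# template to per-parameter regex constraints; a failed constraint yields `action`.

@dataclass
class Rule:
    name: str
    method: str
    template: str           # URI template, e.g. "/api/users/{id}"
    params: dict            # parameter name -> regex the value must fully match
    action: str = "block"   # decision when a constraint fails (a virtual patch)
    compiled: re.Pattern = field(init=False)

    def __post_init__(self):
        # "{name}" becomes a named group matching one path segment; literals are escaped.
        parts = re.split(r"\{(\w+)\}", self.template)
        body = "".join(re.escape(p) if i % 2 == 0 else f"(?P<{p}>[^/]+)"
                       for i, p in enumerate(parts))
        self.compiled = re.compile(f"^{body}$")

    def specificity(self):
        # Hierarchy: a template with more literal path segments is more specific.
        return sum(1 for s in self.template.split("/") if s and not s.startswith("{"))

    def shape(self):
        # Template with parameter names erased; two rules with equal shape overlap fully.
        return (self.method, re.sub(r"\{\w+\}", "{}", self.template))


def evaluate(rules, method, path, query=None):
    """Most specific matching rule decides; parameters without a constraint pass."""
    best = None
    for r in rules:
        m = r.compiled.match(path) if r.method == method else None
        if m and (best is None or r.specificity() > best[0].specificity()):
            best = (r, m)
    if best is None:
        return ("allow", None)
    rule, m = best
    values = {**(query or {}), **m.groupdict()}   # path parameters override query ones
    for name, regex in rule.params.items():
        if name in values and not re.fullmatch(regex, values[name]):
            return (rule.action, rule.name)
    return ("allow", rule.name)


def find_conflicts(rules):
    """Pairs of rules that cover the same URI shape but impose different constraints."""
    return [(a.name, b.name) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a.shape() == b.shape() and (a.params, a.action) != (b.params, b.action)]


RULES = [  # constructed sample rules: a general paging rule and a specific virtual patch
    Rule("api-paging", "GET", "/api/{resource}", {"page": r"\d{1,3}"}),
    Rule("patch-user-id", "GET", "/api/users/{id}", {"id": r"\d+"}),
]
```

`evaluate(RULES, "GET", "/api/users/42abc")` returns `("block", "patch-user-id")` because the specific template wins and its `id` constraint fails, while a rule named `/api/users/{uid}` with other constraints would be reported by `find_conflicts` as overlapping `patch-user-id`.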

By: Vugranam Sreedhar, Peng Ji, Lin Luo, Shun Yang, Yu Zhang

Published in: RC25296 in 2012

rc25296.pdf

Questions about this service can be mailed to reports@us.ibm.com.