What is Web Application Security?

Web application security is the practice of protecting websites and online services against application security threats. These threats exploit vulnerabilities in an application’s code to damage the software or take control of the hardware that it is running on.

The increased use of web applications by both organizations and individuals makes application layer attacks a common threat to Web security. These attacks can cripple sites through data breaches and exposed infrastructure.

What is a Web Application?

A web application, often called a web app, is a client-server computer program that runs within a web browser. A website with a web application may offer functionality similar to that of a desktop application. There is no real distinction between a dynamic web page and a web application, but generally web applications have some sort of functionality, such as the ability to make purchases. This functionality can come under attack from many different types of modern-day cyber security threats.

What are the Common Web App Security Threats?

Threats to web app security are known as application layer or injection attacks, and they can target multiple types of sites. They attack in two ways:

  • Attacking the web application itself: hackers may attempt to break down the functionality of the web app you are trying to run.
  • Forwarding logic to a database: they may be able to access your database and steal sensitive information.

These could both be incredibly dangerous to your site as they could damage its core functionality, or worse still, leak your customers’ or your own personal information such as payment details.

Whether you store sensitive information on your site, or you have a website that functions purely as a promotional site, web application attacks can have a negative impact on both business performance and your overall brand, leading to loss of revenue or a long-term loss of customers and damage to your reputation.

How WAF Security can help

A Web Application Firewall (WAF) is a security measure deployed between a web client and a web server. The firewall performs a 'deep inspection' of every request and response in every common form of web traffic. It protects the web server from attack by identifying abnormal or malicious traffic, then isolating and blocking that traffic to prevent it from reaching the server.

A WAF will protect against the three primary attacks, all of which either attack the web application or seek to steal data:

  • SQL injection — this is when bogus database queries are used to overwhelm or infiltrate critical applications and databases.
  • Cross-site scripting (XSS) — this is when vulnerabilities in an application allow attackers to enter a script that is then executed in the user's browser.
  • Malicious file execution — this is when attackers are able to enter hostile data and code by exploiting an application's vulnerability to remote file inclusion.
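
The inspection step described above, as an added example (not Akamai's or Kona Site Defender's code): a small signature check over request parameters for the three attack classes listed, run against constructed sample requests. The rule patterns, the FILE_PARAMS names and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed, deliberately small signatures: one per attack class listed above.
RULES = {
    "sql_injection": re.compile(
        r"['\"]\s*(or|and)\s+['\"\w]+\s*=\s*['\"\w]+|\bunion\s+(all\s+)?select\b", re.I),
    "cross_site_scripting": re.compile(
        r"<\s*script\b|javascript\s*:|\bon(error|load)\s*=", re.I),
    "remote_file_inclusion": re.compile(r"^\s*(https?|ftp)://", re.I),
}
# Hypothetical names of parameters the application treats as a file or page to
# load. The URL rule applies only to these, so ordinary link parameters pass.
FILE_PARAMS = {"page", "file", "include", "template"}


def normalise(value, max_rounds=3):
    """Undo nested percent-encoding so rules see what the application will see."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(url):
    """Return (allowed, findings); findings is a list of (parameter, rule)."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalise(raw)
        for rule, pattern in RULES.items():
            if rule == "remote_file_inclusion" and name.lower() not in FILE_PARAMS:
                continue
            if pattern.search(value):
                findings.append((name, rule))
    return (not findings, findings)


# Constructed sample requests, not captured traffic.
SAMPLES = [
    "/products?id=42&sort=price",
    "/products?id=42%27%20OR%20%271%27%3D%271",
    "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
    "/view?page=http://files.example/inc.txt",
    "/share?url=https://example.com/article",
]

if __name__ == "__main__":
    for url in SAMPLES:
        allowed, findings = inspect(url)
        print("ALLOW" if allowed else "BLOCK", url, findings)
```

Signature checks like these produce both false positives and misses, so they work as a filtering layer in front of the application rather than as a fix for the vulnerable code behind it.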

Is WAF secure?

Many of these attacks happen as a result of a web application’s vulnerabilities. Kona Site Defender is a secure web application firewall that prevents these vulnerabilities from affecting your web app. As a broad-spectrum defense layer, Kona Site Defender works globally using cloud-based technology, which means it can be accessed anywhere and is completely scalable to protect against multiple attacks at the same time. It is deployed at the edge rather than in the host data center. This means that your website performance is not compromised while it detects and deflects threats in HTTP and HTTPS traffic. It also issues alerts and blocks attack traffic near its source before it reaches the customer origin.

By providing an alternative to expensive new IT infrastructure, Kona Site Defender can protect against multiple vulnerabilities on a large scale within your budget.
