2013 IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS)

Critical Analysis on Web Application Firewall Solutions

Abdul Razzaq, Ali Hur, Sidra Shahbaz, Muddassar Masood, H Farooq Ahmad
School of Electrical Engineering and Computer Science (SEECS), National University of Sciences and Technology, Islamabad, Pakistan
{abdul.razzaq, ali.hur, sidra.shahbaz, muddassar.masood, farooq.ahmad}@seecs.edu.pk

Abstract- Web application security has become progressively more important in recent years. Enormous numbers of attacks are being deployed against the web application layer. Due to the dramatic increase in web applications, security is exposed to a variety of threats. Most of these attacks target the web application layer, and a network firewall alone cannot prevent them. The basic reason behind the success of these attacks is the ignorance of application developers while writing web applications, together with the vulnerabilities in existing technologies. Web application attacks are the latest trend, and hackers are trying to exploit web applications using different techniques. Various solutions are available as open source and in the commercial market, but selecting a suitable solution for securing an organization's systems is a major issue. This survey paper compares Web Application Firewall (WAF) solutions against the features that are important for security at the application layer. A critical analysis of WAF solutions helps users select the solution most suitable for their environment.

Keywords- Web application firewalls, web application solutions, comparison of application solutions

I. INTRODUCTION

Web application security has become increasingly important in the last decade due to the massive increase in the development and use of web application technologies (such as e-business, e-science and e-health).
A security assessment by the Application Defense Center, which covered more than 250 Web applications from e-commerce, online banking, enterprise collaboration, and supply chain management sites, concluded that at least 92% of Web applications are vulnerable to some form of attack. Verizon Business' 2010 Data Breach Investigations Report (DBIR) [2], a study conducted in cooperation with the United States Secret Service, provides further insight. The report analyzes over 141 confirmed data breaches from 2009 which resulted in the compromise of 143 million records. The majority of breaches and of data stolen in 2009 (95%) came through hacking "servers and applications." According to the survey [1], "Web applications continue to be a prime vector of attack for criminals, and the trend shows no sign of abating; attackers increasingly shun network attacks for cross-site scripting, SQL injection, and many other infiltration techniques aimed at the application layer."

978-1-4673-5070-9/13/$31.00 ©2013 IEEE

Web application vulnerabilities can be attributed to many things, including poor input validation, insecure session management, improperly configured system settings, and flaws in operating systems and web server software. Various methodologies and techniques have been used to secure applications, in terms of safe coding, resolving configuration problems and deploying web application firewalls. Safe coding is one of the most important techniques; for this, developers have to know the different security loopholes that exist in web applications and how to prevent them. Most security problems occur when there are flaws in the logic of programs. To avoid these problems, developers have to be aware of security issues. Unfortunately, the web application layer has no protocols or standards that ensure security. So it depends solely on the developer, and unfortunately developers are not trained well enough to understand the security risks.
So they leave loopholes in web applications, which hackers can exploit easily. The second biggest problem with web applications is the use of third-party tools, such as different web servers to host web applications. Sometimes a configuration error, e.g. using the default settings of the web server, or configuration mismatches between two servers, lets a hacker get into the system and compromise whatever they want. For example, an HTTP request smuggling attack specifically happens because of the configuration