What is the Difference between Whitelisting WAF vs Blacklisting WAF?

Whitelisting Web Application Firewall Vs. Blacklisting Web Application Firewall

I am reading about different WAFs, from open-source to commercial solutions such as Haltdos WAF. Some say having a whitelist WAF is far better than a blacklist WAF. I understand pretty well why a blacklist-based WAF is obsolete. But I wonder why web application firewall whitelisting is better than blacklisting. How can a whitelist WAF resolve these issues?

Have a look:

Why use Whitelist instead of blacklist with a WAF?

It is far easier to enumerate everything that is legitimate within an application than to keep updating a list of everything bad that gets thrown at it. The cookies, routes, and parameters an application accepts, and the values each of them may take, are well known to the enterprise that owns it. From this information it is straightforward to build a proposed whitelist of exact entry points, parameters, cookies, and permitted values for your applications. This whitelist acts as a baseline for the application: any traffic that deviates from it is treated as bad traffic and blocked, whether or not anyone has seen that particular attack before.

Compared to blacklisting, a whitelist is both more secure and more efficient. You do not need to keep enumerating the bad in your traffic. Teams that rely on a blacklist are always behind the eight ball: they have to list every known attack vector, chase the latest zero-day threat, write new rules, and push those rules to the WAF, and an attacker who rephrases a payload so that it no longer matches a signature gets through. In the end, the WAF becomes a list of attack signatures that keeps looking into the past and fails to protect against new threats.

Indeed, establishing a whitelist demands more upfront time than a blacklist does. But it provides a more robust and proactive WAF security stance. A whitelist does not need a new rule for each zero-day that comes down the pike, because an exploit that violates the expected shape of a request (an unknown route, an unexpected parameter, or a value that does not fit its allowed format) is rejected without a signature for it ever having been written.
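The following is an added example, not code from the original post or from any WAF product, illustrating the three paragraphs above: a small positive security model (whitelist) for a hypothetical application with two entry points, beside a tiny signature blacklist standing in for the approach the text criticises. The route, parameter and cookie names, the regular expressions, and the sample requests are all constructed for illustration. The point it shows is that an obfuscated SQL injection that evades the signatures is still rejected by the whitelist, simply because it is not a well-formed value for the `id` parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical whitelist (positive security model) for a small application.
# Keys: (method, path). Values: the parameters the entry point accepts with the
# regex each value must fully match, which of them are optional, and the cookies
# the application actually sets. All names are constructed for this example.
WHITELIST = {
    ("GET", "/products"): {
        "params": {
            "id": re.compile(r"[0-9]{1,9}"),
            "sort": re.compile(r"(price|name|rating)"),
        },
        "optional": {"sort"},
        "cookies": {"session": re.compile(r"[A-Za-z0-9_-]{32,64}")},
    },
    ("POST", "/login"): {
        "params": {
            "username": re.compile(r"[a-z0-9._]{3,32}"),
            "password": re.compile(r"[\x20-\x7e]{8,128}"),
        },
        "optional": set(),
        "cookies": {},
    },
}

# A deliberately small blacklist of attack signatures, standing in for the
# signature-matching approach described in the text.
BLACKLIST = [
    re.compile(r"(?i)union\s+select"),
    re.compile(r"(?i)<script"),
    re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1"),
]


def blacklist_check(request):
    """Return None if no signature matches, otherwise the matching pattern."""
    for value in list(request["params"].values()) + list(request["cookies"].values()):
        for sig in BLACKLIST:
            if sig.search(value):
                return sig.pattern
    return None


def whitelist_check(request):
    """Return None if the request fits the baseline, otherwise the first deviation."""
    rule = WHITELIST.get((request["method"], request["path"]))
    if rule is None:
        return "unknown entry point %s %s" % (request["method"], request["path"])
    for name, value in request["params"].items():
        pattern = rule["params"].get(name)
        if pattern is None:
            return "unexpected parameter %r" % name
        if not pattern.fullmatch(value):
            return "parameter %r does not match allowed format" % name
    for name in rule["params"]:
        if name not in rule["optional"] and name not in request["params"]:
            return "missing required parameter %r" % name
    for name, value in request["cookies"].items():
        pattern = rule["cookies"].get(name)
        if pattern is None:
            return "unexpected cookie %r" % name
        if not pattern.fullmatch(value):
            return "cookie %r does not match allowed format" % name
    return None


def parse_request(method, url, cookie_header=""):
    """Build the dict both checks consume from a method, a URL and a Cookie header."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    cookies = {}
    for item in cookie_header.split(";"):
        if "=" in item:
            k, v = item.strip().split("=", 1)
            cookies[k] = v
    return {"method": method, "path": parts.path, "params": params, "cookies": cookies}


# Constructed sample traffic: a legitimate request, a textbook SQL injection, an
# obfuscated injection written to slip past the signatures above, and a request
# to a route the application does not expose.
SAMPLES = {
    "legit": parse_request("GET", "/products?id=42&sort=price", "session=" + "a" * 40),
    "textbook_sqli": parse_request("GET", "/products?id=1%20UNION%20SELECT%20password%20FROM%20users"),
    "obfuscated_sqli": parse_request("GET", "/products?id=1/**/UNION/**/SELECT/**/password/**/FROM/**/users"),
    "unknown_route": parse_request("GET", "/admin/export?all=1"),
}


def compare(samples=SAMPLES):
    """Run both models over the samples; returns {name: (blacklist_hit, whitelist_deviation)}."""
    return {name: (blacklist_check(req), whitelist_check(req)) for name, req in samples.items()}


if __name__ == "__main__":
    for name, (bl, wl) in compare().items():
        print("%-16s blacklist=%-28s whitelist=%s" % (name, bl or "pass", wl or "pass"))
```

Running it shows the asymmetry the text describes: the blacklist catches the textbook payload and nothing else, while the whitelist rejects both injections and the unknown route for the same reason each time, a deviation from the baseline. It also shows the cost: `legit` only passes because every route, parameter and cookie it uses is in the whitelist, so the baseline has to be maintained alongside the application.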

A Quick Overview

[Figure: HaltDos blog image comparing the blacklist and whitelist approaches]

Embrace whitelisting in your practices to strengthen your web application security. Note: keep the list up to date. Every change to the application's routes, parameters, or cookies must be reflected in the whitelist, otherwise legitimate traffic that deviates from the stale baseline will be blocked.