The Open Web Application Security Project (OWASP) was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.
As more applications are developed online, the threats to attack those applications increase even more rapidly in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.
Unfortunately, a common website owner perception, especially among small and midsize businesses, is “what could they possibly want with my data?” Sadly, this is a very dangerous perspective. Just because you’re a small business owner, your customers and website visitors may be larger companies or individuals with deep pockets. As soon as they enter their contact information, email address or more risky – their credit card or other financial information – they have just come under attack. And because they were interacting with your website, it happened on your watch.
A web application firewall (WAF) is an advanced technology that allows a website owner to customize the types of conversations or interactions visitors can have on their website and identify and block most attack agents. In short, it keeps the bad guys out of your website. And it protects your visitors and their data.
Now, some WAFs are easier to setup and manage than others. And for most small business owners (or anyone for that matter) – the simpler the better. The rules, or the settings that control the types of threats and vulnerabilities to be identified and prevented, should be strong and powerful out of the box so that users don’t have a to make a lot of decisions in the setup process. In fact, certain WAFs can be setup with a simple DNS change and the default settings instantly protect your online business from the OWASP top ten threats.
Not sure if your site needs a web application firewall? The security experts at SiteLock can help.