60 | SRA 6.0 Administrator's Guide

Web Application Firewall Overview

(Supported on Windows only.)

This section provides an introduction to the Web Application Firewall feature. It contains the following topics:

• "What is Web Application Firewall?" section on page 60
• "Benefits of Web Application Firewall" section on page 62
• "How Does Web Application Firewall Work?" section on page 63

What is Web Application Firewall?

Web Application Firewall is subscription-based software that runs on the Dell SonicWALL SRA appliance and protects Web applications running on servers behind the SRA. It also provides real-time protection for resources that run on the SRA appliance itself, such as HTTP(S) bookmarks, Citrix bookmarks, offloaded Web applications, and the SRA management interface and user portal.

Web Application Firewall provides real-time protection against a whole suite of Web attacks, such as Cross-site scripting, SQL injection, OS command injection, and many more. The top ten vulnerabilities for Web applications are tracked by OWASP, an open source community that focuses its efforts on improving the security of Web applications. Dell SonicWALL SRA Web Application Firewall protects against these top ten, as defined in the 2007 list:

Table 9  OWASP Top Ten Vulnerabilities

A1 - Cross Site Scripting (XSS)
    XSS flaws occur whenever an application takes user-supplied data and sends it to a Web browser without first validating or encoding that content. XSS allows attackers to execute scripts in the victim's browser, which can hijack user sessions, deface Web sites, and possibly introduce worms.

A2 - Injection Flaws
    Injection flaws, particularly SQL injection, are common in Web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.

A3 - Malicious File Execution
    Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.

A4 - Insecure Direct Object Reference
    A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.

A5 - Cross Site Request Forgery (CSRF)
    A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable Web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker. CSRF can be as powerful as the Web application that it attacks.

A6 - Information Leakage and Improper Error Handling
    Applications can unintentionally leak information about their configuration or internal workings, or violate privacy, through a variety of application problems. Attackers use this weakness to steal sensitive data, or conduct more serious attacks.
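The A1 and A2 entries above describe the two flaw classes in words; the following is an added example (not from the SRA guide and not SonicWALL code) that shows each as a vulnerable handler beside its fixed form, plus a deliberately small signature-style inspection of a request parameter to illustrate the kind of check a Web Application Firewall performs before the request reaches the application. The user table, its rows, the attack payloads and the rule patterns are all constructed here; the patterns are an illustration of the technique, not the SRA's own rule set, and a real rule set is far larger and still produces false positives and misses evasions.

```python
"""Added example: OWASP 2007 A1 (XSS) and A2 (SQL injection), vulnerable
versus fixed, and a toy signature check of the kind a WAF applies in front
of the application. Standard library only; all data is constructed inline."""
import html
import re
import sqlite3


def make_db():
    """Constructed sample table standing in for the protected application's DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# A2, vulnerable: user-supplied data is concatenated into the query text, so
# the interpreter (SQLite here) parses the attacker's data as SQL.
def lookup_role_vulnerable(conn, name):
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


# A2, fixed: a bound parameter is always treated as a value, never as SQL,
# so the same payload simply matches no user.
def lookup_role_fixed(conn, name):
    return [row[0] for row in conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,))]


# A1, vulnerable: user-supplied data is written into the HTML response
# without encoding, so the browser executes any <script> it contains.
def greet_vulnerable(name):
    return "<p>Hello, " + name + "</p>"


# A1, fixed: the data is HTML-encoded for the context it lands in
# (element body); the browser renders the payload as text.
def greet_fixed(name):
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# Toy WAF rules (assumed for this example, not the SRA's signatures): each is
# a name and a pattern matched against a single request parameter value.
WAF_RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-js-uri", re.compile(r"javascript\s*:", re.I)),
    ("xss-event-handler", re.compile(r"\bon\w+\s*=", re.I)),
    ("sqli-boolean", re.compile(r"'\s*(or|and)\s+", re.I)),
    ("sqli-union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("sqli-stacked", re.compile(r";\s*(drop|delete|update|insert|alter)\b", re.I)),
]


def waf_inspect(value):
    """Return the names of every rule the parameter value triggers ([] if clean)."""
    return [name for name, pattern in WAF_RULES if pattern.search(value)]


if __name__ == "__main__":
    conn = make_db()
    sqli = "x' OR '1'='1"                    # constructed A2 payload
    xss = "<script>alert(document.cookie)</script>"  # constructed A1 payload
    print(waf_inspect(sqli), waf_inspect(xss), waf_inspect("alice"))
    print(lookup_role_vulnerable(conn, sqli))  # every role: the WHERE clause is always true
    print(lookup_role_fixed(conn, sqli))       # []: no user has that literal name
    print(greet_vulnerable(xss))               # script tag reaches the browser intact
    print(greet_fixed(xss))                    # &lt;script&gt;... rendered as text
```

The fixed handlers remove the flaw at its root; the signature check is the layer a WAF adds in front of applications whose code cannot be changed, which is why the guide presents it as protection for resources behind and on the appliance rather than as a substitute for fixing the application.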