Revision with unchanged content. Web applications are not protected by
today's network-level firewalls, because these firewalls allow access to
TCP port 80 without restrictions. However, many successful attacks today
are not on the network level, but on the application level. To protect
against application-level attacks, a firewall must understand the
application protocols that are used on its open ports. This happens in
application-level firewalls and, for Web applications, in Web application
firewalls.
The underlying concepts of Web application firewalls differ considerably
from the concepts of traditional network-level firewalls. This book
explains the underlying concepts of Web application firewalls. Afterwards,
they are applied to a collection of security requirements that application
developers should respect today when developing a secure Web application.
A Web application firewall is capable of automatically implementing many
of these requirements. As a result, Web application developers can
ignore these requirements, because the Web application firewall already
ensures their implementation and therefore the security of the Web
application. This book is intended for anyone who is interested in
securing their Web application.