Web The technical roots of security issues and the evolution of attack methods are the same on a global scale , So both at home and abroad ,WEB Application Firewall （WAF） It's bound to be mainstream Web Application security solutions .
however , Some users once thought that another product was Web Application Firewall , It is the webpage tamper proof system . Webpage tampering is always a headache for domestic websites Web safety problem . and , The number of such attacks is still on the rise . Government portal , colleges and universities , enterprise , There have been serious webpage tampering events in the websites of operators . therefore , Webpage tamper proof system is becoming more and more popular .
Webpage tamper proof system is a software solution , Its protective effect is direct , But its deployment location and rationale determine , It can only protect static pages , Dynamic pages cannot be protected . He Ping, general manager of barracuda in China, said , To solve this problem , Some web tamper proof system providers have proposed Web On the server, install the “SQL Injection protection module ” The plan of , But it does Web Server performance , And tampering with dynamic pages is far more than just “SQL injection ”, This patching scheme will not work in the long run .
He Ping laughs that the webpage tamper proof system is a beggar's version Web Application Firewall . But the web page tamper proof system's insufficiency , nothing less than Web Advantages of application firewall . It is deployed on the network , depth analysis HTTP Protocol traffic , In the comprehensive defense of all kinds of Web At the same time of security threat , Yes Web There is no interference from the server , It fundamentally solves the main problems including webpage tampering Web safety problem .
There is also a class called Web Hardware products for real-time monitoring and testing , have Web Vulnerability detection , Webpage tampering recognition , Trojans detection ,Web Content audit and other detection technology ; To achieve the Web attack , Integrated monitoring of threats and events , It can automatically complete the centralized monitoring and security situation analysis of large-scale websites . Although this product can solve the website security problem to a great extent , However, it is lack of sufficient defense capability while focusing on detection . In order to actively defend against unknown threats , It will also evolve into WEB Application Firewall .
He Ping pointed out that , At present, China's Web The application firewall market is still in the market cultivation period . Due to China Certification Center , The Ministry of public security and other authoritative institutions have not yet been promulgated WEB Standards of application firewall products , So some have only parts WAF The function of the product is also playing Web Using the flag of firewall to sell , Confusing user audition , Hope users are buying Web Sharpen your eyes when applying firewall products , More analysis and comparison .