18.10: Deploy Web Application Firewalls

CSF v1.1 References:

PF v1.0 References:

Group:

The next version of the control set incorporates all or part of this control into: 13.10: Perform Application Layer Filtering.

Control Statement

Protect web applications by deploying web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. For applications that are not web-based, specific application firewalls should be deployed if such tools are available for the given application type. If the traffic is encrypted, the device should either sit behind the encryption or be capable of decrypting the traffic prior to analysis. If neither option is appropriate, a host-based web application firewall should be deployed.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]