Web applications are increasingly becoming targets of attacks such as cross-site scripting, SQL injection, and application DDoS. While OWASP provides guidance on writing applications that are more resistant to such attacks, following it requires rigorous maintenance and patching at multiple layers of the application topology. Microsoft Web Application Firewall (WAF) and Azure Security Center (ASC) can help secure web applications against such vulnerabilities.
Microsoft WAF is a feature of Azure Application Gateway (layer 7 load balancer) that protects web applications against common web exploits using OWASP core rule sets. Azure Security Center scans Azure resources for vulnerabilities and recommends mitigation steps for those issues. One such vulnerability is the presence of web applications that are not protected by WAF. Currently, Azure Security Center recommends a WAF deployment for public facing IPs that have an associated network security group with open inbound web ports (80 and 443). Azure Security Center offers provisioning of application gateway WAF to an existing Azure resource as well as adding a new resource to an existing web application firewall. By integrating with WAF, Azure Security Center can analyze its logs and surface important security alerts.
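The condition described above (a public IP whose network security group leaves inbound 80 or 443 open, with no WAF in front) can be approximated in an inventory audit. The following is an added example, not Azure Security Center's own logic: the inventory records, the `behind_waf` flag, and the simplification that only rules whose source covers the whole Internet are evaluated are assumptions. The rule field names follow the NSG security rule schema.

```python
# Added example; constructed data, not Azure Security Center's actual logic.
WEB_PORTS = (80, 443)
INTERNET = {"*", "internet", "0.0.0.0/0"}  # sources treated as "any Internet host"

def values(rule, single, plural):
    """NSG rules carry either a single value or a list; merge both forms."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_port(rule, port):
    for rng in values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        lo, _, hi = rng.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def from_internet(rule):
    srcs = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET for s in srcs)

def open_web_ports(rules):
    """Web ports reachable from the Internet under first-match-by-priority."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"
                      and r["protocol"].lower() in ("tcp", "*")),
                     key=lambda r: r["priority"])
    opened = []
    for port in WEB_PORTS:
        for rule in inbound:
            if covers_port(rule, port) and from_internet(rule):
                if rule["access"].lower() == "allow":
                    opened.append(port)
                break  # lowest priority number wins; no match means default deny
    return opened

def waf_candidates(public_ips):
    """Names of public IPs with open web ports and no WAF (hypothetical flag)."""
    return [ip["name"] for ip in public_ips
            if not ip["behind_waf"] and open_web_ports(ip["nsg_rules"])]

def make_rule(priority, access, src, ports, proto="Tcp"):
    return {"priority": priority, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE = [  # constructed inventory
    {"name": "pip-shop", "behind_waf": False, "nsg_rules": [make_rule(200, "Allow", "*", ["80", "443"])]},
    {"name": "pip-admin", "behind_waf": False,
     "nsg_rules": [make_rule(100, "Deny", "Internet", ["*"], "*"), make_rule(300, "Allow", "*", ["443"])]},
    {"name": "pip-api", "behind_waf": True, "nsg_rules": [make_rule(110, "Allow", "*", ["443"])]},
]
```

Only `pip-shop` is reported: `pip-admin` has a higher-precedence deny rule that shadows its allow rule, and `pip-api` already sits behind a WAF.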