Problem
Moving the business online will present some new security risks, placing more reliance on digital technologies such as an e-commerce website, online credit card processing, customer data processing and the use of productivity tools like email, cloud-based video conferencing and file storage services for the staff members remotely working from home.
The company is concerned with web application vulnerabilities and common security threats that include Structured Query Language (SQL) injection, cross-site scripting (XSS) and distributed denial-of-service (DDoS). They are also concerned with hackers intercepting and modifying email between staff members and customers, The company has hired you as part of its new network and IT security team to coordinate the network security and transition of the business online.
Task
1. The Chief Information Officer (CIO) at Sweet Tooth has advised that you install and configure a web application firewall to monitor HTTP traffic between the e-commerce website and the Internet.
2. Describe in detail how a web application firewall can be used to prevent common web security threats in the scenario.
3. Describe two limitations of web application firewalls.
4. Explain the importance of vulnerability assessments and describe one method you will use to detect suspicious activities on the company's network.