DBAPPSecurity DAS-WAF
1.00

Problems that solves

No IT security guidelines

Unauthorized access to corporate IT systems and data

Malware infection via Internet, email, storage devices

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems

Non-compliant with IT security requirements

Risk or Leaks of confidential information

Values

Reduce Costs

Ensure Security and Business Continuity

Ensure Compliance

DBAPPSecurity DAS-WAF

DAS-WAF provides full solutions for web application with real-time deep protection, web application accelerating and sensitive information leakage prevention against any kind of web attacks.

Description

DBAPPSecurity Web Application Firewall (DAS-WAF), which is the innovative product with our intellectual property, protects Web Application from cyber attacks and control the critical data. It is designed to easily fit into any existing data center environment, rapidly secure and accelerate new and existing Web Applications out of the box. Deployment options include inline as well as offline modes.

DAS-WAF is placed between Web server and internet-facing firewall. All client connection requests received are accepted.

On the Incoming Path

  1. Terminates application layer protocols for maximum visibility, security and control
  2. Decrypts SSL traffic
  3. Normalizes the data to handle multiple encoding format and to detect malicious attacks
  4. Applies Website user access control check
  5. In-depth inspects the application layer traffic for any vulnerabilities
  6. Denies malicious traffic

Data Protection

  1. Outbound data is inspected for data leak prevention, such as sensitive information, social security number, bank account numbers, and credit card number, etc.
  2. The data is cloaked to hide server specific information to prevent hackers exploring Web server resources
  3. Data can be optionally compressed to accelerate the application delivery
  4. The data is encrypted and sent to the clients of the Web Application

System

  1. Logs all the data and actions were taken
  2. Provides a rich set of real-time reporting and alerting features based on the logs, actions and system status.
  3. Online update can be downloaded automatically from DBAPPSecurity update server.

Features

  • Protection against more than 30 common attacks in Web application: After deploying DAS-WAF, the system enables automatic protection against all SQL injections, command injections, configuration injections, LDAP injection, cross-site scripting.
  • PCI Compliance: DAS-WAF protect Web application from the OWASP Top 10 threats
  • HTTP, HTTPS and FTP protocol compliance: DAS-WAF ensures that all inbound requests comply with the HTTP, HTTPS and FTP specifications respectively
  • Outbound data theft protection: DAS-WAF in-depth inspects all server responses for sensitive information leakage. Users can configure custom patterns for data leak prevention.
  • Protection against CC (Challenge Collapsar) attack and brute force attack: DAS-WAF can detect where to launch malicious attacks by learning user behavior of URL-based access, and intelligently block such CC attack, Brute Force attack.
  • Protection against intellectual property theft: DAS-WAF can detect the intellectual property theft based on the signatures, and available for single theft mode and distributed theft mode.
  • Virtual Patches: DAS-WAS enables WEB Application Vulnerability Scanner integration as virtual patches, to remediate the system in more timely fashion.
  • Whitelist: It is a positive security model for neutralizing “Zero Day Attacks” which is not anticipated in advance. By Automated Learning, the system generates a positive profile for your application over time. Multiple configurable heuristics determine that anomalous traffic is not used for generation the profile.
  • Failed Info Tracking: DAS-WAF can automatically identify failed server responses and classify the information whether it is WEB application error, or a database error, and makes the system remediation easier.
  • Anti-tamper: It allows user to detect tampered webpage and prevent attack to publish tampered Webpage on client's server. Anti-tamper function uses G2 digital watermarking technology to detect and deny any tampering in real time.
  • Web Application Acceleration: The system can accelerate the application delivery by caching static outgoing content, or compressing outgoing content which can significantly reduce the transmission times.
  • Load Balancing (Only in Gateway): DAS-WAF provides the load balancing function to allow adding or removing servers for a protected website, without interrupting the existing traffic.
  • Audit Logs: For audit purpose, you can use Audit Logs function to capture all administration and configuration activities of administrator.