Venusense Web Application Firewall (WAF)

Venusense Web Application Firewall (WAF) is a new generation of Web security protection and application delivery product developed by Venustech. It mainly provides HTTP/HTTPS traffic analysis for Web servers, prevents attacks aimed at Web application vulnerabilities, optimizes Web application accesses to improve the availability, performance, and security of Web/network protocol based applications and ensure the quick, secure, and reliable delivery of Web service applications. Features: ● Web attack prevention －SQL injection attack prevention (based on the advanced patented algorithm) －XSS attack prevention (based on the advanced patented algorithm) －Malicious Web scanning prevention (supports virtual patching) －Application layer DoS attack prevention －HTTPS SSL3.0/TLS1.0/TLS1.1/TLS1.2. ● Unauthorized Web access prevention －CSRF attack prevention (supports self-learning) －Cookie tamper prevention (supports self-learning) －Website hotlink prevention ● Malicious Web code prevention －Webpage embedded Trojan prevention (based on the patented advanced algorithm) －WebShell prevention ● Web application compliance －URL-based access control －HTTP protocol compliance (supports machine self-learning) －Sensitive information leakage prevention －File upload and download control －Web form keyword filtering ● Web application delivery －Webpage defacement prevention －URL-based traffic control －Web application acceleration －Server load balancing Value: Venusense WAF uses a set of HTTP session policies that can protect security from common Web attacks such as SQL injection and XSS. Users can customize policies in order to recognize and block more attacks and mitigate Web security problems that cannot be resolved by using traditional security devices such as firewalls and UTMs. Venusense WAF does well in Web security protection and application delivery, provides the professional Web attack prevention capability, and brings an integrated Web security solution that is easy to deploy and manage. 4Advantages: ● Leading Web security delivery and security protection capabilities in the industry: Integrates Web attack prevention, malicious Web code prevention, unauthorized Web access prevention, Web application compliance, and Web application delivery acceleration to build an excellent Web security delivery platform. ● Complete and effective Web attack detection: Integrates VXID detection, event signature detection, customized event signature detection, and self-learning modeling detection to prevent known Web attacks such as SQL injection attacks, XSS attacks, and CSRF attacks and protect against special attacks and unknown attacks by using detection measures such as customized event signature and self-learning modeling. ● Quick response to Web attack events: Has a built-in Web prevention event library, provides periodical upgrade and immediate upgrade once upon emergent Web events, quickly responds to latest, emergent, or hotspot Web attack events. With a large number of vulnerability discoverers and analysts, Venustech's ADLab has independently discovered the most CVE vulnerabilities in China. Deployment: ● Bridge mode In bridge mode, users do not need to change the original network topology and configurations, to protect the Web server. ● Proxy mode In proxy mode, the actual IP address of the Web server can be hidden to access users, to protect the Web server. ● One-arm mode The one-arm mode is similar to one-arm routing, in which WAF is physically deployed in bypass mode and logically deployed in path mode. In one-arm mode, attacks from the network application layer can be blocked. When WAF becomes unavailable, service traffic will not be blocked. In this mode, only one network interface is used to filter internal network traffic. Users do not need to change the physical network structure and IP settings, so configuration can be completed quickly. ● BYPASS As a serial access security device, WAF provides the software BYPASS function and hardware BYPASS function in bridge deployment mode to ensure smooth service links. Certifications and Honors: ● EAL3 Plus Certificate (Megabit, Gigabit, Ten-Gigabit) ● CVE Certificate ● Web Application Firewall Certificate issued by OWASP China ● IPv6 Ready Logo Phase 2 Gold Accreditation Certificate