View
Sorting
Products found: 30
Adnovum nevisProxy
nevisProxy is a secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats.
Features and Tasks:
- Protection against denial-of-service attacks
- SSL termination (encryption and acceleration)
- Session and timeout handling (single session)
- SSO (single signon)
- Initialization of multi-step authentication
- Authentication in cooperation with nevisAuth
- Propagation of user identities incl. additional information (roles) in secure token (SAML, JWT, Nevis SecToken, HTTP Header etc.)
- Role-based authorization
- Cookie caching
- Renegotiation of client session association
- Caching and data compression
- Content inspection and validation (HTML, XML, JSON etc.)
- Input validation (black- and whitelists with self-learning)
- Virtual patching enables rapid reaction in case of serious security threats
- URL signing and encryption
Airlock Web Application Firewall
- Secure Reverse Proxy
- Central Checkpoint
- Filtering
- API Security
- Dynamic Whitelisting
- Central Security Hub
- High Availability and Performance
Akamai Kona Web Application Firewall
With Kona WAF you can:
- Reduce the risk of downtime, data theft and security breaches with a WAF that can scale to protect against the largest DoS and DDoS attacks.
- Ensure high performance even during attacks thanks to Akamai’s globally architecture.
- Defending against new and emerging threats with help from Akamai’s Threat Intelligence Team.
- Minimize costs of cloud security by avoiding the need for expensive dedicated hardware.
- Kona WAF provides comprehensive capabilities to protect against application-layer attacks.
- Adaptive rate controls automatically protect against application-layer DDoS and other volumetric attacks by monitoring and controlling the rate of requests against applications.
- Application-layer controls offer pre-defined, configurable WAF rules that govern Request Limit Violations, Protocol Violations, HTTP Policy Violations and more.
- Network-layer controls automatically deflect network-layer DDoS attacks at the network edge and define and enforce IP whitelists and blacklists to restrict requests from certain IP addresses or geographical regions.
- Security monitor provides real-time visibility into security events and enables administrators to drill down into attack alerts.
- Logging features enable you to integrate WAF and event logs with security information and event management to increase your threat posture awareness.
AWS WAF - Web Application Firewall
Barracuda Web Application Firewall
Citrix NetScaler
Cloudflare web application firewall WAF
- Injection
- Broken Authentication and Session Management
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
- Collective intelligence to identify new threats
- Reputation-based threat protection
- Comment spam protection
- Block or challenge visitors by IP address
- Block or challenge visitors by AS number
- Block or challenge visitors by country code
- User agent blocking
- Zone lockdown
- Security level configuration
DBAPPSecurity DAS-WAF
DBAPPSecurity Web Application Firewall (DAS-WAF), which is the innovative product with our intellectual property, protects Web Application from cyber attacks and control the critical data. It is designed to easily fit into any existing data center environment, rapidly secure and accelerate new and existing Web Applications out of the box. Deployment options include inline as well as offline modes.
DAS-WAF is placed between Web server and internet-facing firewall. All client connection requests received are accepted.
On the Incoming Path
- Terminates application layer protocols for maximum visibility, security and control
- Decrypts SSL traffic
- Normalizes the data to handle multiple encoding format and to detect malicious attacks
- Applies Website user access control check
- In-depth inspects the application layer traffic for any vulnerabilities
- Denies malicious traffic
Data Protection
- Outbound data is inspected for data leak prevention, such as sensitive information, social security number, bank account numbers, and credit card number, etc.
- The data is cloaked to hide server specific information to prevent hackers exploring Web server resources
- Data can be optionally compressed to accelerate the application delivery
- The data is encrypted and sent to the clients of the Web Application
System
- Logs all the data and actions were taken
- Provides a rich set of real-time reporting and alerting features based on the logs, actions and system status.
- Online update can be downloaded automatically from DBAPPSecurity update server.
Features
- Protection against more than 30 common attacks in Web application: After deploying DAS-WAF, the system enables automatic protection against all SQL injections, command injections, configuration injections, LDAP injection, cross-site scripting.
- PCI Compliance: DAS-WAF protect Web application from the OWASP Top 10 threats
- HTTP, HTTPS and FTP protocol compliance: DAS-WAF ensures that all inbound requests comply with the HTTP, HTTPS and FTP specifications respectively
- Outbound data theft protection: DAS-WAF in-depth inspects all server responses for sensitive information leakage. Users can configure custom patterns for data leak prevention.
- Protection against CC (Challenge Collapsar) attack and brute force attack: DAS-WAF can detect where to launch malicious attacks by learning user behavior of URL-based access, and intelligently block such CC attack, Brute Force attack.
- Protection against intellectual property theft: DAS-WAF can detect the intellectual property theft based on the signatures, and available for single theft mode and distributed theft mode.
- Virtual Patches: DAS-WAS enables WEB Application Vulnerability Scanner integration as virtual patches, to remediate the system in more timely fashion.
- Whitelist: It is a positive security model for neutralizing “Zero Day Attacks” which is not anticipated in advance. By Automated Learning, the system generates a positive profile for your application over time. Multiple configurable heuristics determine that anomalous traffic is not used for generation the profile.
- Failed Info Tracking: DAS-WAF can automatically identify failed server responses and classify the information whether it is WEB application error, or a database error, and makes the system remediation easier.
- Anti-tamper: It allows user to detect tampered webpage and prevent attack to publish tampered Webpage on client's server. Anti-tamper function uses G2 digital watermarking technology to detect and deny any tampering in real time.
- Web Application Acceleration: The system can accelerate the application delivery by caching static outgoing content, or compressing outgoing content which can significantly reduce the transmission times.
- Load Balancing (Only in Gateway): DAS-WAF provides the load balancing function to allow adding or removing servers for a protected website, without interrupting the existing traffic.
- Audit Logs: For audit purpose, you can use Audit Logs function to capture all administration and configuration activities of administrator.
DenyAll Web Application Firewall (LTS)
- Web Application Firewall (WAF): to protect the web applications vital to every business against external threats and to assure continuous service.
- Web Services Firewall (WSF): to protect the infrastructure, information networks and application servers against attacks while preventing denial of service and anticipating traffic overload.
- Web Access Management (WAM): to simplify Web access authentication while maintaining a high level of security, without agent deployment on the application server.
F5 Big-IP Application Security Manager
- Automated attacks and bots that overwhelm existing security solutions.
- Web attacks that steal credentials and gain unauthorized access across user accounts.
- Application layer attacks that evade static security based on reputation and manual signatures.
- New attack surfaces and threats due to the rapid adoption of APIs.
- Protect web and mobile applications from malicious bots;
- Safeguard credentials and sensitive data from theft and abuse;
- Defend against sophisticated application denial-of-service (DoS);
- Mitigate sophisticated threat campaigns;
- Protect APIs;
- Ensure application security and compliance;
- Turn on protection immediately;
- Patch vulnerabilities fast;
- Deploy flexibly;
- Defend with proven advanced protections;
- Magnify threat knowledge.
F5 Silverline Web Application Firewall
- Ensure application security and compliance
- Get comprehensive protection from advanced layer 7 attacks, OWASP Top Ten application security risks, and zero-day attacks—and enable compliance with key regulatory mandates.
- Get 24x7x365 expert service
- Receive 24x7x365 access to web application firewall (WAF) experts who build, proactively monitor, and fine-tune WAF policies against known and emerging threats.
- Deploy flexibly across hybrid environments
- Ensure consistent web application security, availability, and user experiences across traditional and cloud data centers.
- Defend with proven security effectiveness
- Leverage security efficacy with technology built on the NSS Labs–recommended F5 BIG-IP® Application Security Manager™ (ASM), based on tests that demonstrate 99.89 percent overall security effectiveness.
- Drive operational and cost efficiencies
- Remove the complexity of WAF management,
- increase the speed to deploy new policies, and
- decrease operational expenses.
- Gain attack insights and intelligence
- Access reports through the cloud-based customer portal and incorporate external intelligence for securing apps against identified threats.
- Drive Efficiencies with a Comprehensive Web Application Firewall Service
- Receive Expert Policy Building and Monitoring
- Hybrid Policy Management and Deployment
- Defend with Proven Security Effectiveness
- Comprehensive Attack Protection
- Built-In Compliance and Reporting Capabilities
- Gain Attack Insights and Intelligence
- Comprehensive Managed Service App Protection
- Streamlined Self-Service App Protection
- The Silverline Cloud-Based Platform
- Flexible Licensing
- Add-On Threat Intelligence Services
- F5 Security Operations Center
Fortinet FortiWeb: Web Application Firewall (WAF)
- Proven Web Application Protection. FortiWeb protects against all the OWASP Top-10 threats, DDoS attacks and many others to defend your mission critical web-based applications
- AI-based Threat Detection. In addition to regular signature updates and many other layers of defenses, FortiWeb’s AI-based, dual-layer machine learning engines protect against zero-day attacks
- Security Fabric Integration. Integration with FortiGate firewalls and FortiSandbox deliver protection from advanced persistent threats
- Advanced Visual Analytics. FortiWeb’s visual reporting tools provide detailed analyses of attack sources, types and other elements that provide insights not available with other WAF solutions
- False Positive Mitigation Tools. Advanced tools that minimize the day-to-day management of policies and exception lists to ensure only unwanted traffic is blocked
- Hardware-based Acceleration. FortiWeb delivers industry-leading protected WAF throughputs and blazing fast secure traffic encryption/decryption
Imperva Web Application Firewall
Indusface IndusGuard
- IndusGuard WAF ensures continuous protection against attacks from hackers that exploit OWASP Top 10 vulnerabilities as well as enhanced application layer DDoS mitigation for bots, http connection abuse, clickjacking, Slowloris, and bandwidth theft.
- Zero False Positives & PCI 6.6 Compliance: Our WAF rules for known vulnerabilities never block legitimate traffic when tuned with IndusGuard Web application scanner. It also facilitates PCI compliance by fulfilling requirement 6.6.
- Continuous expert monitoring to validate efficiency of custom rules, ensure zero false positives, instant mitigation support for application exploitation incidences and detailed inspection of application traffic to analyze and block App DDoS attacks.
Instart Logic Visionary Web Application Firewall and DDOS
- Cross-Site Scripting
- SQL injection
- Slow HTTP DoS
- Cross-Site Request Forgery
NSFOCUS Web Application Firewall (WAF)
Port80 Software ServerDefender VP
ServerDefender VP Web application firewall is designed to provide powerful security against Web attacks in an affordable, easy-to-use package for IIS admins.
Security is the top concern for many organizations when deploying in the cloud. ServerDefender VP provides powerful security for AWS to give you peace of mind for your cloud deployment.
SDVP security for AWS is:
Ideal for Cloud Security
SDVP is a host-based web app firewall that installs right on your cloud instance, and scans all traffic before it hits your site or application.
Built for the System Administrator
Sys admins have enough on their hands. We made SDVP easy to setup and manage, with simple controls and built in powerful reporting and alerting to make life easier, not more difficult.
Stop Common Threats and New Threats
SDVP doesn't use lists of attack signatures to match and stop threats. It uses a rules-based system to provide security against well-known threats as well as new - unknown - threats.
Intuitive Controls to Quickly & Easily Secure
Intuitive user interface makes it easy to configure security and means no lengthy training sessions.
Customize to Your Security Needs
Control every aspect of your site or application's security, for a security policy that fits what you need.
Security for Popular Platforms
Custom pre-installed security profiles for SharePoint, .NetNuke, Outlook Web Access (OWA), WordPress, and Joomla to get started right out of the box.
Privacyware ThreatSentry
ThreatSentry is the leading software–based Web Application Firewall and Host IPS for Microsoft Internet Information Services (IIS). ThreatSentry identifies and blocks web application threats such as Structured Query Language (SQL) Injection, DDoS, Cross Site Request Forgery (CSRF/XSRF), Cross-Site Scripting (XSS) and other types of attacks and helps system administrators comply with regulatory demands such as Section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS). ThreatSentry supports Windows Server 2012, 2008/R2, 2003 and 2000 and IIS8 and IIS 7.x (native module), 6 (ISAPI Extension) and 5 (ISAPI Filter) on 32 and 64 bit systems.
ThreatSentry delivers proactive, multi-layered defense for IIS and prevents attacks from exploiting web application vulnerabilities through a complementary set of integrated components.
- State-of-the-art Web Application Firewall: Provides configurable rules-based control over HTTP/HTTPS request methods (OPTIONS, GET, POST, HEAD), URL Paths, URL Query String length, and HTTP Request Headers, rule-specific URL/s exclusion capabilities, URI Encoding support, Regular Expression support for parameter rules/filtering, etc.
- Fully integrated Firewall: Proprietary NDIS driver delivers flexible network IP blocking (featuring white list, black list and duration control) at TCP/IP and UDP layers for all ports.
- Behavior-based Intrusion Prevention: Adaptive, behavior-based engine (with sensitivity control) analyzes Web traffic patterns to detect new threats and behavioral anomalies and deviations.
- Anti-DoS/DDoS: Configurable request frequency monitor blocks successive requests to individual or all site pages to reduce the risk of DoS and DDoS attacks.
PT Application Firewall
PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.
Each user group — security staff, network administrators, developers, and SOC operators — has role-based access to data and the admin interface.
Highlights:
- Focus on major threats. Correlation mechanisms reduce the number of alerts and highlight important incidents. Attack chain metrics simplify forensics.
- Instant Blocking. Defends against “self-inflicted” vulnerabilities in custom-built software with virtual patches that protect apps until insecure code is fixed.
- Protection against security bypass. Prevents most firewall bypass methods including HPC, HPP, and Verb Tampering.
- Behavioral analysis against robots. Automated malware protection prevents brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
- Evolving Security. Adapts to protect even the most dynamic applications that are constantly being refined and improved.
Источник: https://azuremarketplace.microsoft.com/ru-ru/marketplace/apps/ptsecurity.ptaf?tab=Overview
Radware AppWall - Web Application Firewall (WAF)
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.