nevisProxy is a secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats.

Features and Tasks:

• Protection against denial-of-service attacks
• SSL termination (encryption and acceleration)
• Session and timeout handling (single session)
• SSO (single signon)
• Initialization of multi-step authentication
• Authentication in cooperation with nevisAuth
• Propagation of user identities incl. additional information (roles) in secure token (SAML, JWT, Nevis SecToken, HTTP Header etc.)
• Role-based authorization
• Cookie caching
• Renegotiation of client session association
• Caching and data compression
• Content inspection and validation (HTML, XML, JSON etc.)
• Input validation (black- and whitelists with self-learning)
• Virtual patching enables rapid reaction in case of serious security threats
• URL signing and encryption

The Airlock Web Application Firewall offers a unique combination of protective mechanisms for web applications. Whether your objective is PCI DSS compliance, security for online banking or protection for eCommerce: Airlock WAF will upgrade security for your internet applications – a permanent solution with a host of well thought-out functionalities. Thanks to Airlock WAF, businesses can exploit the potential of the internet without jeopardizing the security and availability of their web applications and services. Each access is systematically monitored and filtered at every level. Used in conjunction with an authentication solution such as Airlock Login or IAM, Airlock WAF can force upstream user authentication and authorization. This allows a uniform, central single sign-on infrastructure. All important information is also made available via monitoring and reporting functions. Airlock WAF is the only web application security solution on the market that provides superlative end-to-end protection for complex web environments. Airlock WAF - The main features

• Secure Reverse Proxy
• Central Checkpoint
• Filtering
• API Security
• Dynamic Whitelisting
• Central Security Hub
• High Availability and Performance

Airlock WAF is also available as a hardware appliance With the Airlock WAF hardware appliance, setup and going live will be even easier than today. Of course, hardware appliances can be connected to build a failover cluster with active session synchronization.

Ensure web application performance with Akamai’s WAF. Kona Web Application Firewall from Akamai offers effective protection against web application attacks. Globally-distributed across the Akamai Intelligent Platform™, Kona WAF can easily scale to defend against massive application attacks. Deployed at the edge of your network rather than in a data center, Kona WAF can identify and mitigate suspicious traffic without affecting performance or availability of the origin server. Security rules for Kona WAF are continuously refined by Akamai’s Threat Intelligence Team to protect against known attacks and respond to emerging threats.
With Kona WAF you can: 

• Reduce the risk of downtime, data theft and security breaches with a WAF that can scale to protect against the largest DoS and DDoS attacks.
• Ensure high performance even during attacks thanks to Akamai’s globally architecture.
• Defending against new and emerging threats with help from Akamai’s Threat Intelligence Team.
• Minimize costs of cloud security by avoiding the need for expensive dedicated hardware.

Key capabilities of Kona WAF

• Kona WAF provides comprehensive capabilities to protect against application-layer attacks. 
• Adaptive rate controls automatically protect against application-layer DDoS and other volumetric attacks by monitoring and controlling the rate of requests against applications.
• Application-layer controls offer pre-defined, configurable WAF rules that govern Request Limit Violations, Protocol Violations, HTTP Policy Violations and more.
• Network-layer controls automatically deflect network-layer DDoS attacks at the network edge and define and enforce IP whitelists and blacklists to restrict requests from certain IP addresses or geographical regions.
• Security monitor provides real-time visibility into security events and enables administrators to drill down into attack alerts.
• Logging features enable you to integrate WAF and event logs with security information and event management to increase your threat posture awareness.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules. BENEFITS INCREASED PROTECTION AGAINST WEB ATTACKS AWS WAF protects web applications from attacks by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting. SECURITY INTEGRATED WITH HOW YOU DEVELOP APPLICATIONS Every feature in AWS WAF can be configured using either the AWS WAF API or the AWS Management Console. This allows you to define application-specific rules that increase web security as you develop your application. This lets you put web security at multiple points in the development chain, from the hands of the developer initially writing code, to the DevOps engineer deploying software, to the security experts conducting an audit. EASE OF DEPLOYMENT & MAINTENANCE AWS WAF is easy to deploy and protect application(s) deployed on either Amazon CloudFront as part of your CDN solution, the Application Load Balancer that fronts all your origin servers, or Amazon API Gateway for your APIs. There is no additional software to deploy except to enable AWS WAF on the right resource. You can centrally define your rules, and reuse them across all the web applications that you need to protect. IMPROVED WEB TRAFFIC VISIBILITY You can set up AWS WAF to just monitor requests that match your filter criteria. AWS WAF gives near real-time visibility into your web traffic, which you can use to create new rules or alerts in Amazon CloudWatch. COST EFFECTIVE WEB APPLICATION PROTECTION With AWS WAF you pay only for what you use. AWS WAF provides a customizable, self-service offering, and pricing is based on how many rules you deploy and how many web requests your web application receives. There are no minimum fees and no upfront commitments. ENHANCED SECURITY WITH MANAGED RULES With Managed Rules for AWS WAF, you can quickly get started and protect your web application or APIs against common threats such as OWASP Top 10 security risks, threats specific to Content Management Systems (CMS), or emerging Common Vulnerabilities and Exposures (CVE). AWS security sellers will automatically update the managed rules for you as new exploits and bad actors emerge, so that you can spend more time building rather than managing security rules.


 

The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection from Evolving Threats The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known applicationlayer attack modalities. Automatic updates provide defense against new threats as they apear. As new types of threats emerge, it will acquire new capabilities to block them. Identity and Access Management The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users. Affordable and Easy to Use Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process

 NetScaler, an advanced software-defined application delivery controller, is your networking power player. It provides outstanding delivery of business applications—to any device and any location—with unmatched security, superior L4-7 load balancing, reliable GSLB, and 100 percent uptime. In fact, NetScaler offers up to five times the performance of our closest competitor. Plus our TriScale technology saves you money by allowing your network to scale up or down without additional hardware costs.

Cloudflare security engineers constantly monitor the Internet for new vulnerabilities. Cloudflare’s WAF helps you stay ahead of threats by automatically updating when new security vulnerabilities are released. Rules created by Cloudflare in response to new threats are responsible for mitigating the vast majority of threats on our network. While traditional OWASP rules and customer specific rules are important, they are not enough without Cloudflare's automatic WAF updates. Cloudflare sees roughly 2.9 million requests every second, and our WAF is continually identifying and blocking new potential threats. If you’re using a web application firewall that doesn’t leverage the collective intelligence of other web properties, you need to supply all your own WAF rules from scratch, which means you need to monitor the entire Internet security landscape on your own. Multi-Cloud Holistic Security Framework Cloudflare offers a single source of control for the security of websites, applications, and APIs, hosted across multiple cloud environments. Multi-cloud security provides visibility into security events, while allowing for consistent security controls, across all clouds in which Internet assets are deployed. Any attack traffic seen by Cloudflare is recorded and analyzed. Cloudflare’s network then shields Internet assets across all cloud providers. PCI Compliance Utilizing Cloudflare’s WAF helps you cost effectively fulfill PCI compliance. If you’re a merchant who handles consumer credit card information, PCI DSS 2.0 and 3.0 Requirement 6.6 allows for two options to meet this requirement: Deploy a WAF in front of your website Or, conduct application vulnerability security reviews of all of your in-scope web applications OWASP, Application-Specific, and Custom Rules Cloudflare’s WAF protects your web properties from the OWASP top 10 vulnerabilities by default. These OWASP rules are supplemented by 148 built-in WAF rules that you can apply with the click of a button. Business and Enterprise customers can also request custom WAF rules to filter out specific attack traffic. OWASP Top 10 Vulnerabilities

• Injection
• Broken Authentication and Session Management
• Sensitive Data Exposure
• XML External Entities (XXE)
• Broken Access Control
• Security Misconfiguration
• Cross-Site Scripting (XSS)
• Insecure Deserialization
• Using Components with Known Vulnerabilities
• Insufficient Logging & Monitoring

Protecting Against Zero-Day Vulnerabilities Cloudflare security engineers have dealt with a lot of zero-day vulnerabilities over the years. Read our developer blog to learn how every website on our network benefits from their virtual patches. A Look at the New WP Brute Force Amplification Attack A vulnerability in the XML remote procedure protocol allowed potentially thousands of brute force password attempts in a single HTTP request. The Joomla Unserialize Vulnerability The Joomla Unserialize Vulnerability allowed remote code execution via a poorly sanitized User-Agent and X-Forwarded-For headers. Protection Against Critical Windows Vulnerability (CVE-2015-1635) Cloudflare WAF protected users from a critical bug that allowed unpriviledeged users to hang a Windows web server. Threat Blocking & Privacy Features

• Collective intelligence to identify new threats
• Reputation-based threat protection
• Comment spam protection
• Block or challenge visitors by IP address
• Block or challenge visitors by AS number
• Block or challenge visitors by country code
• User agent blocking
• Zone lockdown
• Security level configuration

DBAPPSecurity Web Application Firewall (DAS-WAF), which is the innovative product with our intellectual property, protects Web Application from cyber attacks and control the critical data. It is designed to easily fit into any existing data center environment, rapidly secure and accelerate new and existing Web Applications out of the box. Deployment options include inline as well as offline modes.

DAS-WAF is placed between Web server and internet-facing firewall. All client connection requests received are accepted.

On the Incoming Path

1. Terminates application layer protocols for maximum visibility, security and control
2. Decrypts SSL traffic
3. Normalizes the data to handle multiple encoding format and to detect malicious attacks
4. Applies Website user access control check
5. In-depth inspects the application layer traffic for any vulnerabilities
6. Denies malicious traffic

Data Protection

1. Outbound data is inspected for data leak prevention, such as sensitive information, social security number, bank account numbers, and credit card number, etc.
2. The data is cloaked to hide server specific information to prevent hackers exploring Web server resources
3. Data can be optionally compressed to accelerate the application delivery
4. The data is encrypted and sent to the clients of the Web Application

System

1. Logs all the data and actions were taken
2. Provides a rich set of real-time reporting and alerting features based on the logs, actions and system status.
3. Online update can be downloaded automatically from DBAPPSecurity update server.

Features

• Protection against more than 30 common attacks in Web application: After deploying DAS-WAF, the system enables automatic protection against all SQL injections, command injections, configuration injections, LDAP injection, cross-site scripting.
• PCI Compliance: DAS-WAF protect Web application from the OWASP Top 10 threats
• HTTP, HTTPS and FTP protocol compliance: DAS-WAF ensures that all inbound requests comply with the HTTP, HTTPS and FTP specifications respectively
• Outbound data theft protection: DAS-WAF in-depth inspects all server responses for sensitive information leakage. Users can configure custom patterns for data leak prevention.
• Protection against CC (Challenge Collapsar) attack and brute force attack: DAS-WAF can detect where to launch malicious attacks by learning user behavior of URL-based access, and intelligently block such CC attack, Brute Force attack.
• Protection against intellectual property theft: DAS-WAF can detect the intellectual property theft based on the signatures, and available for single theft mode and distributed theft mode.
• Virtual Patches: DAS-WAS enables WEB Application Vulnerability Scanner integration as virtual patches, to remediate the system in more timely fashion.
• Whitelist: It is a positive security model for neutralizing “Zero Day Attacks” which is not anticipated in advance. By Automated Learning, the system generates a positive profile for your application over time. Multiple configurable heuristics determine that anomalous traffic is not used for generation the profile.
• Failed Info Tracking: DAS-WAF can automatically identify failed server responses and classify the information whether it is WEB application error, or a database error, and makes the system remediation easier.
• Anti-tamper: It allows user to detect tampered webpage and prevent attack to publish tampered Webpage on client's server. Anti-tamper function uses G2 digital watermarking technology to detect and deny any tampering in real time.
• Web Application Acceleration: The system can accelerate the application delivery by caching static outgoing content, or compressing outgoing content which can significantly reduce the transmission times.
• Load Balancing (Only in Gateway): DAS-WAF provides the load balancing function to allow adding or removing servers for a protected website, without interrupting the existing traffic.
• Audit Logs: For audit purpose, you can use Audit Logs function to capture all administration and configuration activities of administrator.

DenyAll Web Application Firewall provides a multilayered approach to security services to dynamically detect and block malicious content while efficiently passing benign traffic through. This all-in-one solution protects and manages multiple security solutions - Web Application Firewall, Web Services Firewall and Web Access Management - in a single management console (centralized administration station, monitoring, reverse proxy, etc.). The platform also provides cache, acceleration and optimization of your web traffic. Highlights

• Web Application Firewall (WAF): to protect the web applications vital to every business against external threats and to assure continuous service.
• Web Services Firewall (WSF): to protect the infrastructure, information networks and application servers against attacks while preventing denial of service and anticipating traffic overload.
• Web Access Management (WAM): to simplify Web access authentication while maintaining a high level of security, without agent deployment on the application server.

Protect your organization and its reputation by maintaining the confidentiality, availability, and performance of the applications that are critical to your business with F5 Web Application Firewall (WAF) solutions. F5 WAF solutions are deployed in more data centers than any enterprise WAF on the market. The comprehensive suite of F5 WAF solutions includes managed rulesets for Amazon Web Services (AWS); cloud-based, self-service, and managed service in the F5 Silverline cloud-based service delivery platform; application delivery controller (ADC) integration with F5 BIG-IP Application Security Manager (ASM); and F5 Advanced Web Application Firewall (Advanced WAF). Advanced WAF redefines application security to address the most prevalent threats organizations face today:

• Automated attacks and bots that overwhelm existing security solutions.
• Web attacks that steal credentials and gain unauthorized access across user accounts.
• Application layer attacks that evade static security based on reputation and manual signatures.
• New attack surfaces and threats due to the rapid adoption of APIs.

Advanced WAF is built on proven F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF delivers flexible and comprehensive protections wherever apps reside and without compromising performance. Advanced WAF is offered as an appliance, virtual edition, and as a managed service—providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern applications and data from existing and emerging threats while maintaining compliance with key regulatory mandates. Key benefits:

• Protect web and mobile applications from malicious bots;
• Safeguard credentials and sensitive data from theft and abuse;
• Defend against sophisticated application denial-of-service (DoS);
• Mitigate sophisticated threat campaigns;
• Protect APIs;
• Ensure application security and compliance;
• Turn on protection immediately;
• Patch vulnerabilities fast;
• Deploy flexibly;
• Defend with proven advanced protections;
• Magnify threat knowledge.

F5 Silverline Web Application Firewall is a cloud based service with 24x7x365 support from highly specialized security experts. It helps organizations protect web applications and data, and enable compliance with industry security standards, such as PCI DSS. Silverline Web Application Firewall is available as a fully managed service for comprehensive and customized app protection, or as an express self-service for rapid deployment of expertly maintained policies. Managed service key benefits

• Ensure application security and compliance
• Get comprehensive protection from advanced layer 7 attacks, OWASP Top Ten application security risks, and zero-day attacks—and enable compliance with key regulatory mandates.
• Get 24x7x365 expert service
• Receive 24x7x365 access to web application firewall (WAF) experts who build, proactively monitor, and fine-tune WAF policies against known and emerging threats.
• Deploy flexibly across hybrid environments
• Ensure consistent web application security, availability, and user experiences across traditional and cloud data centers.
• Defend with proven security effectiveness
• Leverage security efficacy with technology built on the NSS Labs–recommended F5 BIG-IP® Application Security Manager™ (ASM), based on tests that demonstrate 99.89 percent overall security effectiveness.
• Drive operational and cost efficiencies
• Remove the complexity of WAF management,
• increase the speed to deploy new policies, and
• decrease operational expenses.
• Gain attack insights and intelligence
• Access reports through the cloud-based customer portal and incorporate external intelligence for securing apps against identified threats. 

What’s Inside

• Drive Efficiencies with a Comprehensive Web Application Firewall Service
• Receive Expert Policy Building and Monitoring
• Hybrid Policy Management and Deployment
• Defend with Proven Security Effectiveness
• Comprehensive Attack Protection
• Built-In Compliance and Reporting Capabilities
• Gain Attack Insights and Intelligence
• Comprehensive Managed Service App Protection
• Streamlined Self-Service App Protection
• The Silverline Cloud-Based Platform
• Flexible Licensing
• Add-On Threat Intelligence Services
• F5 Security Operations Center

FortiWeb Product Details Whether to simply meet compliance standards or to protect mission-critical hosted applications, FortiWeb's web application firewalls provide advanced features that defend web applications from known and zero-day threats. Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your external and internal web-based applications from the OWASP Top 10 and many other threats. At the heart of FortiWeb are its dual-layer AI-based detection engines that intelligently detect threats with nearly no false positive detections. Features and Benefits

• Proven Web Application Protection. FortiWeb protects against all the OWASP Top-10 threats, DDoS attacks and many others to defend your mission critical web-based applications
• AI-based Threat Detection. In addition to regular signature updates and many other layers of defenses, FortiWeb’s AI-based, dual-layer machine learning engines protect against zero-day attacks
• Security Fabric Integration. Integration with FortiGate firewalls and FortiSandbox deliver protection from advanced persistent threats
• Advanced Visual Analytics. FortiWeb’s visual reporting tools provide detailed analyses of attack sources, types and other elements that provide insights not available with other WAF solutions 
• False Positive Mitigation Tools. Advanced tools that minimize the day-to-day management of policies and exception lists to ensure only unwanted traffic is blocked
• Hardware-based Acceleration. FortiWeb delivers industry-leading protected WAF throughputs and blazing fast secure traffic encryption/decryption

Imperva Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection. The industry leading WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic; traffic that slips right through traditional defenses. This includes blocking technical attacks such as SQL injection, cross-site scripting and remote file inclusion that exploit vulnerabilities in web applications; business logic attacks such as site scraping and comment spam; botnets and DDoS attacks; and preventing account takeover attempts in real-time, before fraudulent transactions can be performed. WAF uses patented Dynamic Application Profiling to learn all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs to detect attacks with exceptional accuracy and block only bad parties, while eliminating impact to legitimate customers. WAF mitigates both technical attacks such as DDoS and SQL injection, as well as non-technical attacks such as comment spamming and site scraping. OVERVIEW SPECIFICATIONS Protect Your Critical Web Applications and Data Imperva Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection. The industry leading WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic; traffic that slips right through traditional defenses. This includes blocking technical attacks such as SQL injection, cross-site scripting and remote file inclusion that exploit vulnerabilities in web applications; business logic attacks such as site scraping and comment spam; botnets and DDoS attacks; and preventing account takeover attempts in real-time, before fraudulent transactions can be performed. DYNAMIC APPLICATION PROFILING WAF uses patented Dynamic Application Profiling to learn all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs to detect attacks with exceptional accuracy and block only bad parties, while eliminating impact to legitimate customers. WAF mitigates both technical attacks such as DDoS and SQL injection, as well as non-technical attacks such as comment spamming and site scraping. GRANULAR CORRELATION POLICIES REDUCE FALSE POSITIVES WAF distinguishes attacks from unusual, but legitimate, behavior by correlating web requests across security layers and over time. Correlated Attack Validation capability examines multiple attributes such as HTTP protocol conformance, profile violations, signatures, special characters, and user reputation, to accurately alert on or block attacks with the lowest rate of false positives in the industry. FLEXIBLE DEPLOYMENT OPTIONS WAF can be deployed as a physical or virtual appliance on-premises, and as a virtual image on Amazon Web Services or Microsoft Azure. Physical appliance deployments are particularly flexible in that they allow WAF to run transparently, requiring virtually no changes to the customer’s network. And granular policy controls enable superior accuracy and unequaled control to match each organization’s specific protection requirements. DEEP THREAT INTELLIGENCE To protect against today’s well resourced cyber-criminals, it is vital to have an advanced warning system that is aware of and protects against constantly evolving web-based attacks. Imperva ThreatRadar updates WAF with real-time threat intelligence crowd-sourced from around the world and curated by Imperva Application Defense Center. ThreatRadar provides better protection, improves WAF accuracy, and makes the security team more efficient by proactively filtering traffic from known bad sources so the security team can focus on what is really important. The following ThreatRadar intelligence feeds are available: Reputation Services: Filters traffic based upon latest, real-time reputation of source Community Defense: Adds unique threat intelligence crowd-sourced from Imperva users Bot Protection: Detects botnet clients and application DDoS attacks Account Takeover Protection: Protects website user accounts from attack and takeover Fraud Prevention: Simplifies deployment of best-in-class partner fraud prevention solutions VIRTUAL PATCHING WAF can perform “virtual patching” for your web applications via vulnerability scanner integration. Instead of leaving a web application exposed to attack for weeks or months while code is modified after discovering a vulnerability, virtual patching actively protects web applications from attacks to reduce the window of exposure, and decreases the costs of emergency fix cycles until you are able to patch them. CUSTOMIZABLE REPORTS FOR COMPLIANCE AND FORENSICS WAF rich graphical reporting capabilities enable customers to easily understand security status and meet regulatory compliance. WAF provides both pre-defined and fully-customizable reports. This enables you to quickly assess your security status and streamline demonstration of compliance with PCI, SOX, HIPAA and FISMA and other compliance standards. MONITORING FOR IN-DEPTH ANALYSIS OF ATTACKS Alerts can be easily searched, sorted, and directly linked to corresponding security rules. WAF monitoring and reporting framework provides instant visibility into security, compliance, and content delivery concerns. A real-time dashboard provides a high-level view of system status and security events.

IndusGuard Web Application Firewall is an operational security control that monitors the inbound/outbound HTTP/S traffic in order to safeguard the critical data and protect Web applications from attacks. An Application can be vulnerable regardless of the cautious development of application code. These vulnerabilities may prove to be disastrous for the brand reputation, thereby losing the customer trust and business revenue directly. Securing an Application, therefore holds as much importance as preventing exceptions, either in security policy, or in the underlying system vulnerabilities in their design, development or deployment. IndusGuard WAF assists in securing a Web Application structure by monitoring the HTTP and HTTPS traffic and protecting the Web Application from malicious attacks in real time. It is industry’s first WAF to guarantee Zero WAF False Positive. It is also the only Security-as-a-Service (SECaaS) WAF to offer integrated fully managed application DDoS solution that blocks application layer attacks by combining human intelligence based expert tuning along with application profiling. Highlights:

• IndusGuard WAF ensures continuous protection against attacks from hackers that exploit OWASP Top 10 vulnerabilities as well as enhanced application layer DDoS mitigation for bots, http connection abuse, clickjacking, Slowloris, and bandwidth theft.
• Zero False Positives & PCI 6.6 Compliance: Our WAF rules for known vulnerabilities never block legitimate traffic when tuned with IndusGuard Web application scanner. It also facilitates PCI compliance by fulfilling requirement 6.6.
• Continuous expert monitoring to validate efficiency of custom rules, ensure zero false positives, instant mitigation support for application exploitation incidences and detailed inspection of application traffic to analyze and block App DDoS attacks.

Our web app firewall (WAF), which was named a Visionary by Gartner is pre-configured with advanced threat intelligence to protect from a wide variety of attacks including OWASP Top 10 vulnerabilities:

• Cross-Site Scripting
• SQL injection
• Slow HTTP DoS
• Cross-Site Request Forgery

Instart Logic also offers comprehensive distributed denial of service (DDOS) attack protection using our globally distributed platform to absorb and mitigate attacks. As an internet-scale service provider, our global-ready infrastructure ensures a best-in-class protection for your online presence.

The WAF serves as an essential part of an intelligent hybrid security architecture by providing advanced inspection and specialized security for the web application layer. It also includes up to 1 Gbps of DDoS protection from other volumetric and application layer attacks, including TCP flood and HTTP/S GET/ POST floods. Additionally, if deployed in conjunction with a higher capacity NSFOCUS ADS Series Anti-DDoS appliance, the WAF can direct flows in real-time to the ADS to keep your servers running under the most extreme conditions. Features and Benefits Prevent Theft of Critical Data Data breaches are extremely complex and surprisingly frequent. The NSFOCUS WAF offers powerful protection against web attacks with a complete set of signatures for web vulnerabilities and the ability to detect unauthorized file uploads. WAF enforces access control policy from layer 4 through layer 7, to prevent access to data without proper authorization. In the later phases of an attack, WAF provides outbound data leakage detection, including illegal file download detection, web shell prevention, and filtering of sensitive information (such as credit card numbers and social security numbers). Ensure Website Availability The NSFOCUS WAF offers a built-in anti-DDoS module to protect against TCP flood attacks, HTTP/S GET/POST flood attacks and slow rate attacks up to 1Gbps. The WAF employs access rate thresholding, IP reputation and algorithm-based protection mechanisms. Coupled with the NSFOCUS ADS anti-DDoS product line, higher rate DDoS attacks can be thwarted. Close the PCI DSS Compliance Gap The NSFOCUS WAF provides reports for PCI audits as well as suggestions for policy tuning and configuration in order to help ensure compliance with PCI DSS. Protections like the cookie security feature within the WAF protects against cookie tampering and cookie poisoning in compliance with section 6.5.10 in the new PCI 3.2 standard.

ServerDefender VP Web application firewall is designed to provide powerful security against Web attacks in an affordable, easy-to-use package for IIS admins.

Security is the top concern for many organizations when deploying in the cloud. ServerDefender VP provides powerful security for AWS to give you peace of mind for your cloud deployment.

SDVP security for AWS is:

Ideal for Cloud Security

SDVP is a host-based web app firewall that installs right on your cloud instance, and scans all traffic before it hits your site or application.

Built for the System Administrator

Sys admins have enough on their hands. We made SDVP easy to setup and manage, with simple controls and built in powerful reporting and alerting to make life easier, not more difficult.

Stop Common Threats and New Threats

SDVP doesn't use lists of attack signatures to match and stop threats. It uses a rules-based system to provide security against well-known threats as well as new - unknown - threats.

Intuitive Controls to Quickly & Easily Secure

Intuitive user interface makes it easy to configure security and means no lengthy training sessions.

Customize to Your Security Needs

Control every aspect of your site or application's security, for a security policy that fits what you need.

Security for Popular Platforms

Custom pre-installed security profiles for SharePoint, .NetNuke, Outlook Web Access (OWA), WordPress, and Joomla to get started right out of the box.

ThreatSentry is the leading software–based Web Application Firewall and Host IPS for Microsoft Internet Information Services (IIS). ThreatSentry identifies and blocks web application threats such as Structured Query Language (SQL) Injection, DDoS, Cross Site Request Forgery (CSRF/XSRF), Cross-Site Scripting (XSS) and other types of attacks and helps system administrators comply with regulatory demands such as Section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS). ThreatSentry supports Windows Server 2012, 2008/R2, 2003 and 2000 and IIS8 and IIS 7.x (native module), 6 (ISAPI Extension) and 5 (ISAPI Filter) on 32 and 64 bit systems.

ThreatSentry delivers proactive, multi-layered defense for IIS and prevents attacks from exploiting web application vulnerabilities through a complementary set of integrated components.

• State-of-the-art Web Application Firewall: Provides configurable rules-based control over HTTP/HTTPS request methods (OPTIONS, GET, POST, HEAD), URL Paths, URL Query String length, and HTTP Request Headers, rule-specific URL/s exclusion capabilities, URI Encoding support, Regular Expression support for parameter rules/filtering, etc.
• Fully integrated Firewall: Proprietary NDIS driver delivers flexible network IP blocking (featuring white list, black list and duration control) at TCP/IP and UDP layers for all ports.
• Behavior-based Intrusion Prevention: Adaptive, behavior-based engine (with sensitivity control) analyzes Web traffic patterns to detect new threats and behavioral anomalies and deviations.
• Anti-DoS/DDoS: Configurable request frequency monitor blocks successive requests to individual or all site pages to reduce the risk of DoS and DDoS attacks.

PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.

Each user group — security staff, network administrators, developers, and SOC operators — has role-based access to data and the admin interface.

Highlights:

• Focus on major threats. Correlation mechanisms reduce the number of alerts and highlight important incidents. Attack chain metrics simplify forensics.
• Instant Blocking. Defends against “self-inflicted” vulnerabilities in custom-built software with virtual patches that protect apps until insecure code is fixed.
• Protection against security bypass. Prevents most firewall bypass methods including HPC, HPP, and Verb Tampering.
• Behavioral analysis against robots. Automated malware protection prevents brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
• Evolving Security. Adapts to protect even the most dynamic applications that are constantly being refined and improved.

Источник: https://azuremarketplace.microsoft.com/ru-ru/marketplace/apps/ptsecurity.ptaf?tab=Overview

AppWall is an ICSA Labs certified and PCI compliant WAF that combines positive and negative security models to provide complete protection against web application attacks, web application attacks behind CDNs, API manipulations, advanced HTTP attacks (slowloris, dynamic floods), brute force attacks on login pages and more. A core and integrated part of Radware's Attack Mitigation Solution – a complete application and network security suite. AppWall is a web application firewall (WAF) that provides patent-protected technology to create and maintain security policies in real-time for widest security coverage with the lowest false positives and minimal operational effort. Radware’s Web application security technology features a variety of deployment modes – as a stand-alone or integrated on an ADC, on-premise and in the cloud, inline or out-of-band. What Makes AppWall a Better Web Application Firewall (WAF)? Protection from Zero-Day Web Attacks Using both negative (signature based) and positive security models - AppWall is a web application firewall (WAF) that features not only the lowest false positives and minimal operational effort, but also robust protection against known and unknown (Zero-day) threats. Reduced TCO with Lowest False Positives Unique Auto Policy Generation technology designed to secure a web application as automatically as possible with little or limited user interaction. AppWall is a web application firewall (WAF) that analyzes the protected Web application and derives the potential threats in it. It then generates individual, granular protection rules and sets a policy in blocking mode - thus eliminating the need for human intervention and saving on maintenance and labor resources. Continuous Security Delivery First web application firewall (WAF) to provide a real-time security patching solution for Web applications in continuous application deployment environments via a tight integration with Dynamic Application Security Testing (DAST) solutions. Device Fingerprinting for Bot Protection AppWall is an IP agnostic web-application security solution. It disregards IP source address context to protect from dynamic IP attacks. The power of the fingerprint is in the consolidated information extracted from dozens of browser attributes collected on the client side, facilitating accurate bot classification. Unique Out-of-Path Deployment with Full Mitigation AppWall is the only web application firewall (WAF) that can be deployed out-of-path while still providing full mitigation. As part of Radware's integrated Attack Mitigation Solution, AppWall can communicate attack footprint and blocking policies to Radware’s perimeter attack-mitigation device, DefensePro, so the attack is blocked at the perimeter and the rest of the network is protected. Full Coverage of OWASP Top-10 Out-of-the-box Including injections, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management and security misconfiguration. Data Leak Prevention Identifying and blocking sensitive information transmission such as credit card numbers (CCN) and social security numbers (SSN). Integrated Application Security & Application Delivery AppWall is an integral part of Radware's Application Delivery Controller (ADC) solution suite, which allows customers to augment their web application security protection with local and global traffic redirection, application acceleration, bandwidth management, and other application-aware services, while benefitting from a single hardware platform. Easy Migration From Test Environments to Production An AppWall VA can be deployed with the application in the production environment or – if deployed in a lab – policy is easily migrated to the AppWall appliance in production. This approach simplifies the integration and shortens the deployment time of new applications and services in the virtualized and cloud data centers. ICSA Labs Certified WAF Recognized for both the appliance and VM versions, ICSA Labs certifies AppWall for its depth and breadth of vulnerability protection, effectiveness, ease of implementation and low operation overhead. Comprehensive PCI Compliance Solution AppWall enables organizations to fully comply with PCI DSS section 6.6 requirements and includes the most advanced security graphical reports to convey visibility into the application security and detected attacks.