Web Application Firewalls (WAF)

Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

PROBLEMS without a WAF
1. Web application security is about the application and therefore about the developer and secure coding. Most of the programming errors that lead to vulnerabilities, and subsequently to exploitation, can be traced to a lack of secure coding practices, particularly around the validation of user input (which should never, ever be trusted). Whether it’s XSS (Cross-Site Scripting) or SQL injection, the root of the problem is that malicious data or code is submitted to an application and not properly ferreted out by sanitization routines written by developers, for whatever reason.

2. But there are a number of “web application” attacks that have nothing to do with developers and code and are, in fact, focused on the exploitation of protocols. TCP and HTTP can be manipulated in such a way as to result in a successful attack on an application without breaking any RFC or W3C standard that specifies the proper behaviour of these protocols. Worse, the application developer really can’t do anything about these types of attacks, because the application is never aware they are occurring.
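The two problem classes above map onto the two inspection layers a WAF applies before a request ever reaches the application: protocol-level sanity checks the developer cannot see from inside the app, and signature matching over decoded parameter values that the app's own validation may miss. The following is an added illustration, not code from the original article or from any WAF product; the signature list, the sample requests and the `inspect_request` function are constructed for this example.

```python
import re
from urllib.parse import unquote_plus, parse_qsl

# Constructed signature list: rule name -> pattern applied to each normalised
# parameter value. Real WAF rule sets are far larger and are tuned per application.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+\S+\s*=\s*\S+"),
    "sqli-union":     re.compile(r"\bunion\b\s+(all\s+)?select\b"),
    "xss-script-tag": re.compile(r"<\s*script\b"),
    "xss-js-uri":     re.compile(r"javascript\s*:"),
}

def normalise(value: str) -> str:
    """Undo common evasions before matching. parse_qsl already URL-decoded once,
    so a second decode here catches double-encoded input; then lowercase,
    strip embedded NULs and collapse whitespace."""
    decoded = unquote_plus(value).replace("\x00", "")
    return re.sub(r"\s+", " ", decoded).lower()

def inspect_request(method: str, target: str, headers: dict, body: str = "") -> dict:
    """Return {"action": "allow"|"block", "reasons": [...]} for one request.
    Layer 1: protocol checks (problem 2 above, invisible to the application).
    Layer 2: signature match over every decoded parameter (problem 1 above)."""
    reasons = []
    lowered = {k.lower(): v for k, v in headers.items()}
    if "host" not in lowered:
        reasons.append("missing Host header")
    if "content-length" in lowered and "transfer-encoding" in lowered:
        reasons.append("conflicting Content-Length and Transfer-Encoding")
    if method in ("GET", "HEAD") and body:
        reasons.append(f"{method} request carries a body")
    _, _, query = target.partition("?")
    params = parse_qsl(query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    for name, raw in params:
        value = normalise(raw)
        for sig, pattern in SIGNATURES.items():
            if pattern.search(value):
                reasons.append(f"{sig} in parameter '{name}'")
    return {"action": "block" if reasons else "allow", "reasons": reasons}

def demo() -> list:
    """Constructed sample requests: one benign, one double-encoded SQL injection
    probe, one script-tag probe, and one protocol anomaly with no Host header."""
    host = {"Host": "shop.example"}
    return [
        inspect_request("GET", "/search?q=shoes", host),
        inspect_request("GET", "/search?q=%2527%2520or%25201%253D1", host),
        inspect_request("GET", "/profile?name=%3Cscript%3Ealert(1)%3C/script%3E", host),
        inspect_request("POST", "/api", {"Content-Length": "3", "Transfer-Encoding": "chunked"}, "a=1"),
    ]
```

Note that only the fourth request would ever be caught by the protocol layer; the application receives the other three as ordinary, RFC-compliant HTTP and sees nothing unusual unless its own input validation is correct.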

A WAF protects Web applications and Web services from malicious attacks, and can also increase the performance and scalability of these applications. The Web Application Firewall offers every capability needed to deliver, secure and manage enterprise Web applications from a single appliance through an intuitive, real-time user interface.

• Single point of protection for inbound and outbound traffic for all Web applications
• Protects Web sites and Web applications against application layer attacks
• Delivers best-practice security right out of the box
• Monitors traffic and provides reports about attackers and attack attempts

