Web Application Attacks specifically attacks the security of websites, web applications and web services, as well as the underlying communication protocols and hosting infrastructure (Wikipedia).
The real world equivalent would involve using social engineering, or any other trickery, in order to gain access an organization’s offices, to photocopy their confidential records.
As standard each Network Box Anti-DDoS WAF+ system is provided pre-configured with rules against common attacks, such as SQL Injection and Cross-site Scripting. However, it is also possible to customize each Network Box Anti-DDoS WAF+ system, to protect against specific kinds of attack which are made against specific web applications. Such flexibility allows a large array of different kinds of attack to be identified and blocked. Over time, as each protected web application is modified and updated, the Network Box Anti-DDoS WAF+ system can also be similarly modified and updated, to ensure effective on-going protection.
Popular web server and application software packages such as Apache, IIS, Drupal and Mediawiki are well catered for; the Network Box Anti-DDoS WAF+ protects these systems as standard. False positives are kept as low as possible, with the goal of never disallowing any authorized requests. The defensive strength of the default settings are maximized, and augmented by the power and accuracy of a state-of-the art real-time automated threat fingerprinting engine. This combination ensures as many incoming threats as possible can be blocked, using the minimum of effort. Brute force protection is built in as standard.
Below are three typical examples of the WAF in action:
The WAF blocks malicious requests sent by attackers from reaching the server.
The WAF allows legitimate users access to the web server.
The WAF analyzes both incoming and outgoing traffic. If the outgoing data is not a typical response, as in the case of an implicit attacker, the data is blocked.
The highly flexible Network Box Anti-DDoS WAF+ system, allows for load balanced, high availability and clustered configurations, to maximize both performance and business continuity. Web traffic can be actively blocked and logged, passively logged, or bypassed and allowed to pass through. The system also offers both positive and negative security model support.