|
Application Security or web security appliances include web application and XML firewalls that protect, balance, and accelerate web applications, databases, as well as the information exchanged between them. These devices are designed for medium and large enterprises, SaaS providers and
application service providers; and can dramatically educe the deployment time and complexities of introducing web-based applications. Application firewalls apply industry-leading threat
research to protect web-based applications, improving the security of confidential information and aiding in legislative and PCI compliance. Some Application Firewalls go beyond the
traditional web application firewalls to provide XML security enforcement, application
acceleration, and server load balancing.
In addition to security, these devices leverage an intelligent, application-aware load-balancing engine to distribute traffic and route content across multiple web servers. This load balancing increases resource utilization, application stability, and server response times. Web application traffic is further accelerated by an independent SSL and XML encryption processor, which
increases transaction throughput and reduces processing requirements on the web servers.
Requirement 6 of PCI-DDS, states that specific functionality in an Application Firewall is to be included.
Application Firewall Capabilities |
Web Application Firewall
Technologies:
- Signature and pattern detection engine
- Threshold based limits
- Session management and flow enforcement
- Customizable input parameter validation rules
- Parameter, forms tampering and form field meta data validation
Threats Mitigated:
- Cross Site Scripting (XSS)
- SQL and OS command Injection
- Cross site request forgery
- Outbound data leakage
- HTTP request smuggling
- Buffer overflow
- Remote file inclusion attacks
- Encoding attacks
- Cookie tampering/Poisoning
- Session hijacking
- Broken access control
- Forceful browsing/directory traversal/site recon/ Google hacking
- OWASP Top 10
|
Performance Optimization
- Offload HTTPS processing
- TCP optimization
- Offload XML security validation
- Offload XML encryption/decryption processing
- Load balancing
- Maximize availability of web applications
|
XML Firewall
Technologies:
- XML content-based routing
- XML firewall
- XML IPS
- XML schema validation
- WSDL verification
- XML expression limits
- Source IP policies
Threats Mitigated:
- SQL injection protection
- Buffer overflow
- Denial of Service Attacks
- Schema poisoning
- XML parameter tampering
- WSDL Scanning
- Oversized payload
- Recursive Payload
- External entity attack
|
|
