network background popup

Web Application Firewall(WAF)

DOSarrest's WAF is the one of the best cloud based WAF's available today. Why ? because its not reliant on a massive database of known malicious signatures that requires constant updates of new signatures when they become known. This inferior but still widely employed method is also known as a "Negative Security " model. DOSarrest's WAF is based on a "Positive Security " model.

Related Blog Article: The Difference Between Positive VS Negative WAF Related Blog Article: Understanding Positive and Negative model Firewalls and WAFs
DDoS
DDoS

Do I need to use a WAF ?

If the code on your webserver is up to date, patches are applied as soon as they become available and you are doing regular Vulnerability Testing , you can get away with not utilizing a WAF…maybe. In today's typical website environment, where websites are sometimes being updated, changed, application add-ons added and removed, etc on a daily or weekly basis, security holes can be inadvertently exposed. A well managed WAF is added protection. The best way to think of it is, it's like a "Virtual Patch".

Request a Quote

Cloud Based WAF

web-application-firewall-waf

DOSarrest's Cloud based WAF, allows customers to easily block any Layer 7 threat as well as define any rule-set that may be specific to one or more applications that may be running on their webserver. Enabling WAF protection provides customers with all of OWASP's CRS(Core Rules Set or top 10) Which includes :

  • Remote file inclusion
  • Cross Site Scripting (XSS)
  • SQL Injection
  • Cross Site Request Forgery (CSRF)
  • Un-validated Redirects
  • Sensitive Data Exposure

Any new vulnerabilities or zero day attacks that may be uncovered such as Heartbleed, Poodle, etc are already in place, because we are not like the other cloud based services, we use a positive security based model WAF. Zero day attacks are pretty much a thing of the past. No need to apply patches in the middle of the night to keep your webserver safe.

Most other WAF appliances and services rely on signatures or pattern matches to protect webservers, the problem with this method is that, new variations or small modifications to a particular string of malicious code can slip through and cause problems.

The WAF service inspects and analyses every packet at these levels:

  • URL and Arguments
  • HTTP Header (including Cookies)
  • SQL Injection
  • Body

Flexibility- The WAF service can be configured to apply to every directory on a website or only on specific URI's

White Listing

Some rules can be too strict for some websites, which can cause the website to not function properly. In such cases Whitelists allow you to use some forbidden symbols and rules when you need them. A white list can be applied site wide or on a particular URI. Our WAF service allows customers to employ "Learning Mode" which allows you to log and see violations but allows the request to go through. Customers can use learning mode to see and understand if their WAF configuration is too strict and make adjustments or white-list. As with all of our services it's up to you, our 24/7 SOC can manage this for you if you'd like.