Web Application Security

NSFOCUS understands how critical your web servers and applications are to your business, and we have designed a closed-loop web application security solution to protect you from web attacks, data breaches and downtime. This solution includes website protection through our Web Application Firewall (WAF) and proactive vulnerability assessment using our Web Vulnerability Scanning System (WVSS).

NSFOCUS Web Application Firewall (WAF)
The NSFOCUS Web Application Firewall (WAF) protects critical web servers and applications from the latest attacks, data breaches and downtime. Providing full protection against the top 10 threats identified by the Open Web Application Security Project (OWASP) and more, the NSFOCUS WAF uses an innovative combination of proxy-based positive and negative security models as well as application profile learning to deliver advanced application-layer security. The WAF can operate as a standalone unit or in conjunction with the ADS Series for defense-in-depth security.

Features and Benefits
Prevent Theft of Critical Data
Data breaches are extremely complex and surprisingly frequent. The NSFOCUS WAF offers powerful protection against web attacks with a complete set of signatures for web vulnerabilities and the ability to detect unauthorized file uploads. The WAF enforces access control policy from layer 4 through layer 7 to prevent access to data without proper authorization. In the later phases of an attack, the WAF provides outbound data leakage detection, including illegal file download detection, web shell prevention, and filtering of sensitive information (such as credit card numbers and social security numbers).

Ensure Website Availability
The NSFOCUS WAF offers a built-in anti-DDoS module to protect against TCP flood attacks, HTTP/S GET/POST flood attacks and slow-rate attacks up to 1Gbps. The WAF employs access rate thresholding, IP reputation and algorithm-based protection mechanisms. Coupled with the NSFOCUS ADS anti-DDoS product line, higher-rate DDoS attacks can be thwarted.

Close the PCI DSS Compliance Gap
The NSFOCUS WAF provides reports for PCI audits as well as suggestions for policy tuning and configuration in order to help ensure compliance with PCI DSS. Protections like the cookie security feature within the WAF protect against cookie tampering and cookie poisoning in compliance with section 6.5.10 in the new PCI 3.2 standard.

NSFOCUS Web Vulnerability Scanning System (WVSS)
The NSFOCUS Web Vulnerability Scanning System (WVSS) helps to secure your website by identifying real vulnerabilities in your web applications and servers. It incorporates more than 10 years of expert research and hands-on experience in application security. The WVSS simulates website visitor behavior, including button clicks, cursor movement and the completion of complex forms, to proactively identify unexpected vulnerabilities that can be exploited by hackers. It provides actionable analysis and reporting with an easy-to-read, prioritized remediation plan to improve the security of your websites.

Features and Benefits
Accurate Analysis Using the Latest Threat Intelligence
The NSFOCUS WVSS uses OWASP and WASC vulnerability templates and forensic scanning technology to locate and prioritize dangerous vulnerabilities. It is kept up to date using the latest web threat intelligence and automatically recognizes Ajax, Flash, JavaScript, Web 2.0 applications and more.

High Performance Scanning
The NSFOCUS WVSS can easily scan over 100,000 pages per day because it is optimized to operate on large-scale web infrastructures by incorporating next-gen technologies including intelligent page crawling, proxy caching, URL-level load balancing and automatic speed adaptation based on bandwidth settings and consumption.

Local or Cloud-Delivered Vulnerability Assessment
The WVSS can be installed locally as a network appliance or delivered as a cloud service (coming Q3 2016) to support a wide range of compliance and security requirements.

Closed-Loop Security Through Integration With the NSFOCUS WAF
The results of WVSS scanning and analysis can be used to automate the configuration of the NSFOCUS WAF. The findings of WVSS can be input into the WAF to generate a “smart patch” to provide closed-loop detection and defense for your websites. This closed-loop system ensures the best and most timely protection possible and reduces operational expenses by simplifying the configuration of your web application defenses.

For more information, please download the WAF datasheet.