Kemp's Web Application Firewall (WAF) helps to protect your custom or off-the-shelf applications from common vulnerabilities, such as SQL injection and cross-site scripting (XSS). It lets you create per-application security profiles that combine source location-level filtering, pre-integrated rulesets for common attack vectors and support for custom rules. With these pre-defined rules and the ability to create your own custom rules, you can protect all your applications from within the LoadMaster against known attacks and prevent specific traffic patterns from reaching your applications and APIs, all without changing your application or infrastructure. It can also help meet organizational PCI-DSS and data loss prevention (DLP) compliance requirements. Visibility is provided through granular per-application event logging, in-UI statistics visualization, and false positive analysis, with rich telemetry sent to third-party SIEMs.
The Kemp Web Application Firewall (WAF), enabled as part of your network infrastructure, helps deliver in-depth defence for your web servers and applications against an ever-changing threat landscape. The LoadMaster also provides a comprehensive security stack including DDoS, IDS/IPS, rate-limiting, SSL/TLS encryption, authentication, and SSO, as well as a WAF that simplifies customization and scales on demand across any environment.
Reputation data is updated daily to provide ongoing protection for a wide range of applications, with the option to supplement it with custom rules for local use cases.
Avoid the complexity of integrating multiple services with a fully integrated solution that provides a single point of control for application security.
Achieve PCI DSS compliance without the expense and complexity of code reviews by implementing WAF for applications that process card payments.
The OWASP Top 10 is a list of the most common and important security risks to web applications as deemed by the non-profit Open Web Application Security Project (OWASP). With pre-defined rulesets for the risks highlighted in the OWASP Top 10, Kemp’s WAF provides out-of-the-box protection without any application modifications.
Cookies are used in authentication and authorization processes as well as to track and maintain state across HTTP sessions. They can also be used to accomplish a number of attacks (SQL injection, XSS, buffer overflow, integer overflow) by injecting malicious values into the cookie.
Cross-site request forgery (CSRF or XSRF) attacks execute unwanted commands on a web application. These exploits inherit the privilege level of the user and appear legitimate to the application to which the user is authenticated. By checking referrer headers, the WAF blocks CSRF attempts.
Injection attacks leverage client sessions to insert input data into a traffic stream that can be used to read privileged data, modify content and execute administrative operations. WAF mitigates such attacks by dynamically monitoring client traffic flows for malicious injection patterns and preventing unauthorized execution.
Cross-site scripting (XSS) attacks exploit web-based applications by sending scripts that are transparently activated by clients when read, allowing for user identity theft, cookie poisoning and malicious redirection. Kemp’s Application Firewall Pack mitigates this attack by disallowing the malicious injection of untrusted data into values that are passed.
The unauthorized transfer of sensitive information from a network may happen through malicious and legitimate means. By inspecting and denying egress traffic containing unauthorized data, WAF prevents the exfiltration of sensitive content out of application infrastructures in alignment with business policies.