Continuous Intelligent Application Protection

Kemp WAF provides continuous protection against vulnerabilities with daily rule updates based on threat intelligence and research from information security provider, Trustwave. It combines Layer 7 Web Application Firewall protection with other application delivery services including intelligent load balancing, intrusion detection, intrusion prevention as well as edge security and authentication for comprehensive secure application delivery.

Layered Application Security

Add protection for common vulnerabilities

Vulnerability Protection provided by WAF
Injection of untrusted data Identify and block requests that contain untrusted data or code
Broken authentication and session management Protect against exploitation of weak Session ID management
Cross site scripting Protect against dynamically adding malicious code to a web page
Flawed access control Enforce access controls on what resources are accessible
Misconfigured security Ongoing protection for resources that are misconfigured or vulnerable
Sensitive data exposure Protect against leakage of information such as credit card numbers
Attack Protection Adds a layer of protection via constantly updated rules
Cross site forgery Protect authenticated users against forged requests

InspectInboundLoadMasterwith WAFDaily RuleUpdatesInspectOutbound

Simplify Application Security

Kemp WAF simplifies the challenge of securing applications against common vulnerabilities and emerging threats by combining best of breed application delivery with advanced security and application protection.

Comprehensive Security Services

LoadMaster provides integrated security capabilities alongside WAF including edge security, L7 IPS/IDS, DDoS mitigation, application publishing and authentication services.

PCI-DSS Compliance

Protecting web applications is of critical importance for all organizations, especially those that process payments. Kemp WAF reduces the need for extensive code reviews for PCI-DSS compliance with industry proven rule sets.

Ease of Deployment and Use

With Kemp’s focus on simplicity and shortening time to production for application deployment, LoadMaster with WAF enables secure, scalable, and always-on workload delivery in one fully integrated, easy to use and deploy load balancing solution.

Application Vulnerability Protection

Ongoing Protection

Kemp WAF includes automatically updated rules that provide protection against known and emerging threats

Cookie Tampering

Cookies are used in authentication and authorization processes as well as to track and maintain state across HTTP sessions. They can also be used to accomplish a number of attacks (SQL injection, XSS, buffer overflow, integer overflow) by injecting malicious values into the cookie.

Cross Site Request Forgery

Cross-site request forgery (CSRF or XSRF) attacks execute unwanted commands on a web application. These exploits inherit the privilege level of the user and appear legitimate to the application which the user is authenticated to. By checking referrer headers, WAF blocks CSRF attempts.


Injection attacks leverage client sessions to insert input data into a traffic stream that can be used to read privileged data, modify content and execute administrative operations. WAF mitigates such attacks by dynamically monitoring client traffic flows for malicious injection patterns and preventing unauthorized execution.

Cross-Site Scripting

Cross-site scripting (XSS) attacks exploit web-based applications by sending scripts that are transparently activated by clients when read allowing for user identity theft, cookie poisoning and malicious redirection. KEMP’s Application Firewall Pack mitigates this attack by disallowing the malicious injection of untrusted data into values that are passed.

Data Loss Prevention (DLP)

The unauthorized transfer of sensitive information from a network may happen through malicious and legitimate means. By inspecting and denying egress traffic containing unauthorized data, WAF prevents the exfiltration of sensitive content out of application infrastructures in alignment with business policies.

Payment Card Industry Data Security Standards

Simplify compliance with PCI-DSS with Kemp Web Application Firewall


Organizations that process card payments are subject to a set of standards from the Payment Card Industry (PCI). Using a WAF as part of the application delivery infrastructure simplifies compliance with PCI standards.

PCI-DSS Section 1.2: Deny traffic from untrusted networks and hosts

The integrated security features of LoadMaster with WAF limit access to only explicitly allowed entities using only the protocols that are dictated as allowable

PCI-DSS Section 3.3: Mask account numbers when displayed

WAF can prevent the leakage of sensitive PII (Personally identifiable information) data by inspecting traffic for known patterns such as social security numbers.

PCI-DSS Section 3.5: Protect encryption keys against disclosure and misuse

With models that support FIPS 140-2 Level 2 compliance, LoadMaster provides protection for private keys and supports secure processes for key management.

PCI-DSS Section 4.1: Use strong cryptography and security protocols

LoadMaster with WAF provides a security overlay for applications that may have support for the latest SSL and TLS versions. LoadMaster can enforce the use of specific protocols and cipher suites.

PCI-DSS Section 6.6: Audit and correct application code vulnerabilities or institute an application firewall

If a WAF is not deployed, organizations must conduct expensive and time-consuming reviews of application code to identify vulnerabilities. Such code reviews are retrospective and do not provide the ongoing, constantly updated protection provided by WAF.