Mingyu Web Application Firewall (DAS-WAF): All transparent deployment for Web application gateway




All transparent deployment
Full HTTPS site defense
Prevention of OWASP top 10
Website Acceleration

1. Development History

2007: First Web application firewall with transparent proxy published in the domestic market.
2008: Mingyu Web application firewall was used in portal sites of governments and enterprises.
2008: Mingyu Web application firewall was the first WAF product used in the core trading system of the domestic finance industry.
2009: Developed various types of Web application firewall with concurrency of more than 100,000 connections.
2009: Mingyu WAF was used successfully in the China Mobile online business, which has the most traffic in the domestic market.
2010: Mingyu WAF was selected by the China central government as a qualified security product.
2010: The Asia market share of Mingyu WAF was in the top three based on Frost & Sullivan statistics.

2. Function

Function | Performance
Resist more than 30 WEB attacks | More than 30 attack signatures are built into the system to protect it against SQL injection, file injection, command injection, configuration injection, LDAP injection, XSS, etc. With the WAF deployed, WEB attack behaviors are blocked automatically.
Check protocol rules | Enables the WEB active defense function by checking HTTP protocol rules, including request-header length limitation and request-code type limitation, to block most illegal anonymous attacks.
Resist WEB scanner to scan | WAF can automatically identify scanning behavior from a scanner and intelligently block scanning by Nikto, Paros proxy, WebScarab, WebInspect, Whisker, libwhisker, Burpsuite, Wikto, Pangolin, Watchfire AppScan, N-Stealth and Acunetix Web Vulnerability Scanner.
Prevent sensitive information leakage | WAF supports two-way content detection. It identifies sensitive information in server pages and protects against its leakage, such as server fault information, database connection file information, WEB server configuration and users' private information that continuously occur in sites; WAF identifies these and provides protection based on the relevant rules.
Prevent CC attack | Based on URL access frequency statistics, detects the CC attack source by modeling access behaviors and applies a time lock to prevent CC attacks from the external network. The function can solve the password brute-force problem caused by lagging verification code technology.
Prevent hotlinking behaviors | Mingyu WAF supports various algorithms for identifying hotlinking to counter information theft, including single-source hotlinking, distributed hotlinking and malicious data collection. Ensures the site's resources are accessed only through the site itself.
Track application program errors | Mingyu WAF can automatically record error information from the application program and classify it, as an important reference when programmers need to analyze the cause and remedy it.
Prevent tampering static webpage | WAF focuses on security defense of dynamic application programs. Considering the requirement to protect portal sites from tampering, a defense and alert function against tampering with static webpages is built into Mingyu WAF. The page protected against tampering is indicated to the user and the system alerts in time.
WEB application acceleration | Uses WebCache technology to accelerate the protected website. Improves access speed by caching static files and multiplexing TCP connections for dynamic queries.
WEB load balance | Enables lightweight load balancing of protected sites through the WAF and alleviates the single point of failure caused by a single server, to ensure the site works without interruption.
Website access audit | Performs access traffic analysis and statistics to show a real-time trend chart, the websites that customers focus on most, and the areas customers access most often. Provides important data for business function evaluation.

3. Feature

Features | Description
Security compliance | Based on compliance requirements in different industries, the WEB application is compliant with many regulations, including PCI DSS.
Powerful defense capability | Built-in defense policies against the OWASP top 10. Compared with other products in the domestic market that have a few signatures (SQL injection, XSS), the DAS-WAF signature library contains more than 30 security signatures to protect specific development languages, WEB server versions and CMS against web attacks.
Good Usability | DAS-WAF uses advanced transparent proxy technology with zero environment impact. The signature library has a minimal false-positive rate, which has been proven in wide application.
Real-time Alert security status | DAS-WAF can analyze and detect real-time security threats automatically. When a protected site is attacked, the system can automatically alert the administrator to the security incident so that security measures can be taken right away.
Detailed Security logs | In application, DAS-WAF can record all detailed attack information related to the HTTP protocol, including the queried URL, POST content, response header and webpage content. Provides direct evidence for tracking security incidents.
Multiple security defense measurements | Does not affect normal business access when blocking URL requests; provides a blacklist to restrict attack behaviors without interruption. Camouflage responses defeat malicious attack behaviors.
Flexible deployment modes | Supports all transparent deployment, one-arm mode, tracking mode and gateway mode. Can be used in complex network environments for government, finance, operators, education, enterprises, etc.
Virtual Patching | Enables the virtual patching function through a combination of custom rules. WAF will block vulnerabilities exploited by attackers to ensure quick remediation without interruption.
Virtual Host | Saves IP addresses through the virtual host function and, more importantly, hides the real server to enhance the site's security defense capability.
E-commerce environment compliance | Most WEB core business uses SSL encryption and CDN acceleration technology. It is hard for a normal WEB application firewall to identify the real access IP or to execute access control in the application. DAS-WAF uses HTTP data mining technology in the application to solve this problem, which a normal WAF cannot do.
Support multiple protocols | HTTP 0.9, HTTP1.0, HTTP1.1, WEB 2.0, WAP protocol, xml, webdav

4. Specification

Model | WAF-200AG | WAF-500AG | WAF-1000AG | WAF-3000AG
Form Factor | 1U | 2U | 2U | 2U
Number | 4 | 6 | 6 | 6
Extendability | Available | Available | Available | NA
Type | Electric/Optical | Electric/Optical | Electric | Electric/Optical
Power Supply | Single power supply | Single power supply / (Redundant Power Supply selectable) | 1+1 Redundant Power Supply | 1+1 Redundant Power Supply
Hardware BYPASS | Available | Available | Available | Available
Built-in Optical Port BYPASS | Available | Available | Available | NA
Maximum Power | 300W | 400W | 460W | 460W
MTBF | >60000 Hours | >60000 Hours | >75000 Hours | >75000 Hours
Management Mode | WEB configuration; Console command-line configuration (all models)

Table 4-1

5. Typical Application

- Core Business System
As shown in the figure below, Mingyu WAF was deployed in the core trading system of a network bank. It effectively prevents sensitive information leakage and application attacks, while meeting the compliance requirements of the finance business. Its strong application-layer analysis makes it possible to identify the real access information in an HTTP environment.

- Portal Sites
Mingyu WAF is deployed at the front end of the portal website server group. By resisting scanning and preventing injection, XSS and back-door attacks, it reinforces the security protection capability of the portal website while also meeting compliance requirements. The URL white-list function separates access and security strategy between the portal website front end and the management back end. With the help of DBAPPSecurity's monitoring platform, remote security monitoring of the website is implemented over the public network.

- E-Commerce
Mingyu WAF supports distributed, cluster deployment to provide high-performance security assurance for e-commerce websites. It implements layer-7 application protection and does not change the high availability of the original architecture. Through the WEB application acceleration module, it provides professional acceleration for e-commerce websites so that they perform well on three important indicators: usability, safety and quickness.

Copyright DBAPPSecurity Ltd All Right Reserved