Protect Your Web Application and APIs with Medianova WAF without Compromising performance

How WAF Protection Works

How WAF Protection Works

Protect Your Web Application from Advanced Attacks, Including OWASP Vulnerabilities and More

Types of Attacks We Protect You From

Types of Attacks We Protect You From

SQL Injection

Cross-Site Scripting (XSS)

Local File Inclusion

Remote File Inclusion

PHP Code Injection

Java Code Injection

Shellshock

Unix/Windows Shell Injection and more.

Security at The Edge

Extend your security perimeter and block attacks at the edge, before they ever reach the origin. Improve your defense with Medianova WAF, which runs on our powerful global edge network that is distributed among 50+ data centers.

Managed Rulesets & Customized Rules

Protect your Apps and APIs against sophisticated attacks reported by OWASP “Top 10 Security Risks” list, such as Cross-Site-Scripting (XSS) and SQL Injection. Define customized rules for tailored protection and prevent false-positives.

Continuous Update of WAF Rulesets

Maintain effective protection against emerging threats and vulnerabilities.

Analysis in Monitoring-only Mode

Enhance your security posture without disrupting your workflow.

Increased Scalability

Increase your scalability with our CPU-optimized WAF running on Kubernetes environment and ensure App & API security at all times – even during huge spikes of traffic.

Reduced Costs

Secure your platforms without investing in expensive hardware appliances and lower your general costs with zero CAPEX. Decrease resource usage at your origin and save on infrastructure costs, by serving your content from CDN.

Integrated Design

Integration with wide variety of services; Dynamic CDN, Anycast DNS and Load Balancing.

Geo-Blocking

Blocks malicious traffic from certain in geography.

SSL/TLS

TLS 1.3 increases productivity by reducing lateness and increases cipher strength security.

DDoS Mitigation

Protection against DDoS attacks and provides attack mitigation.

We know you are busy so we will be quick

Are you ready for a
10-min discovery call?

References

Secure Your Web and Mobile Apps with Medianova WAF Service

Get In Touch

WAFs or web application firewalls are cyber security solutions responsible for monitoring and filtering network traffic between a web application or an API and external HTTP connections following specific rulesets.

Just like security guards at a gate, WAFs observe those who want to enter, and if there is suspicious behavior, they do not allow passage and inform certain authorities.

There are three main ways to implement a WAF: hardware- (network) based, host-based and cloud-based.

In a network- or hardware-based application, WAF is physically installed on the technology infrastructure. Although it minimizes the latency problem, it is an expensive method.

In the host-based application, WAF is integrated into an application’s software. When this method is used, the server cost increases while the hardware cost decreases.

The cloud-based application is the most modern method. By paying a monthly service fee to a provider, organizations get WAF service with much less upfront investment.

It works in contrast to proxy servers, which a client computer uses as a tool to protect its identity. Using WAF forces clients to interact with the WAF before entering the server. Thus, it acts as a reverse proxy protecting the identity of the server.

  1.  Improved Security: WAFs protect your website, applications and APIs against sophisticated attacks that may affect the accessibility of your web properties, and cause disruption in business continuity, financial loss, and reputational damage. They detect and block malicious requests, such as SQL injection, local/remote file inclusion, PHP code injection Java code injection, cross-site scripting attacks and many more.
  2. Mitigation of Emerging Threats: WAFs can be regularly updated with new security rules and signatures to address emerging threats, providing proactive protection against the latest attack techniques.
  3. Increased Visibility: WAFs provide visibility into application traffic and can alert administrators to suspicious activity. This can help identify problems before they become serious.
  4. Cost Savings: WAFs can reduce costs associated with security breaches and can help organizations avoid financial loss.

A WAF operates at the application layer (Layer 7) of the network stack, which enables it to provide more granular and context-aware security controls compared to traditional firewalls that work at lower network layers. It analyzes the application-specific traffic, looking for signs of malicious activity or abnormal behavior.

Yes, WAFs can analyze the HTTP requests targeting the API and apply security rules to detect and block malicious traffic. This includes identifying and blocking common attack techniques such as SQL injection, cross-site scripting (XSS), and API-specific vulnerabilities. Additionally, WAFs can enforce rate limiting policies on API requests, ensuring that excessive traffic or abuse is controlled. This helps protect the API from brute-force attacks, denial-of-service (DoS) attacks, and other forms of excessive traffic that can impact its availability and performance.

Yes, WAFs can block blacklisted IP addresses. A WAF can be configured to block certain IP addresses from accessing a website or application. This is a common security practice to prevent malicious traffic from accessing a website or application.

WAFs can block requests with any HTTP status code. Commonly blocked status codes are 403 (Forbidden), 404 (Not Found), and 429 (Too Many Requests).

Configuring a web application firewall (WAF) involves several steps to ensure it effectively protects web applications. While specific configurations may vary based on the WAF solution and the requirements of the application, here are some common steps involved in configuring a WAF in below.

  1. Determine WAF Mode: Choose the appropriate deployment mode for the WAF, such as on, off or monitoring only, depending on your security requirements. In the “Monitoring Only” mode, WAF provides real-time monitoring for potential threats, while allowing all traffic to pass through uninterrupted, providing you with valuable insights into your website’s security posture without affecting its functionality.
  2. Configure whitelisting and blacklisting: Set up whitelists and blacklists to define trusted sources or IP addresses to allow or block. Whitelists ensure that legitimate traffic is not mistakenly blocked, while blacklists help prevent access from known malicious sources.
  3. Customize rule sets: Modify the rule sets provided by the WAF vendor to align with the specific requirements of your web application. Fine-tune rules, filters, and settings based on the application’s architecture, behavior, and potential attack surface. This may involve creating custom rules or adjusting existing ones.
  4. Testing and tuning: Conduct thorough testing to validate the effectiveness of the WAF configuration. Test different attack vectors, perform vulnerability scanning, and evaluate the WAF’s ability to detect and block threats while allowing legitimate traffic. Based on testing results, fine-tune the configuration to minimize false positives and negatives.

Web application firewalls can be deployed in different ways, including as a physical appliance, as software running on dedicated servers, or as a cloud-based service. Cloud-based WAFs have gained popularity due to their scalability, ease of deployment, and continuous updates to keep up with emerging threats.

  • Scalability: Cloud-based WAFs can handle high volumes of web traffic and requests and are highly scalable. In order to dynamically scale resources in response to demand, they make use of the cloud infrastructure. As a result, websites and applications are kept secure even during traffic peaks or unexpected workload increases.
  • Rapid Deployment: Rapid Deployment: Without requiring extensive hardware or software installations, cloud-based WAFs can be quickly deployed and activated.They are frequently implemented as a service, enabling businesses to quickly begin protecting their web applications. Cloud-based WAFs are typically configured and managed using simple web interfaces or APIs.
  • Cost Efficiency: Organizations don’t have to spend money on specialized hardware or infrastructure when using cloud-based WAFs. Instead, they use a subscription-based business model whereby businesses pay only for the services they actually use. As a result, it is less expensive to start up and maintain the WAF infrastructure and it requires fewer specialized IT resources.
  • Automated Updates and Threat Intelligence: Cloud-based WAFs make use of the cloud’s capabilities to deliver ongoing updates and access to the most recent threat intelligence. By automatically updating their rule sets and security policies, they can quickly adapt to new attack methods and emerging threats. Web applications are safeguarded against the most recent vulnerabilities and attack methods thanks to this proactive approach.
  • Real-Time Monitoring and Reporting: Organizations can learn more about web application traffic, security events, and attack attempts thanks to the real-time monitoring and reporting features offered by cloud-based WAFs. They provide thorough dashboards, logs, and alerts that help security teams identify threats and take appropriate action.

 

Medianova CDN has enabled its Web Application Firewall (WAF) layer recently to present a more secure and scalable solution to protect your website. Security has always been a cornerstone issue from the infancy of the Internet, and growing malicious attacks drove businesses to find more secure IT solutions. Nowadays, almost anyone can see the emphasis made by IT professionals on security both concerning personal and commercial information. As malicious attacks affect commercial web applications with more novel approaches; IT professionals tend to find a more secure solution for their web applications. However, securing business-critical web applications is a gargantuan task and may require demanding security expertise.

Almost a decade ago the Client-Server Architecture (CSA) was the prevalent architectural paradigm over the Internet. CSA can simply be put as a direct connection between the end-user (your client) and proprietary servers: The end-user requests are fulfilled from your local servers and relayed to the end-user. Nowadays, distributed infrastructure (i.e. Content Delivery Networks)is the accelerating paradigm where your clients can request data from various servers around the world. The shift from CSA to distributed infrastructures had also evolved the requirements of IT security.

To alleviate CDN security risks, we have activated our WAF layer to present a more secure infrastructure. Briefly stated; WAF applies a set of rules to HTTP connection of the end-user with the server. Using WAF, your web application will be protected against common security threats such as SQL injection, Cross-site Scripting (XSS).  After our seamless and agile onboarding process, you can use our WAF services by defining your own set of rules that suit your web application.

As Medianova we have engineered Medinova WAF according to design principles of the Open Web Application Security Project (OWASP). OWASP is a non-profit organization to improve software security and its design principles are widely accepted in the IT Security community. OWASP design principles span a very wide spectrum from “Understanding Hackers” to defining “Security Principles”. Currently, OWASP design principles present the most relevant common-wisdom methodology to alleviate security issues.

With Medianova WAF, we let you take control of your security depending on your business needs. We have engineered it to be easy-to-use with most relevant security software design principles. You can get more information by contacting us.

WAFs effectively support your cybersecurity posture, both individually and as a complement to different solutions. In protecting an e-commerce store against cyber threats, they stand out with the following features:

Malicious Bot Blocking

Security against bots is vital for e-commerce. Bots like scrapers, scanners, and crawlers harm your SEO strategy, sales, and overall business operations. An effective firewall web application can differentiate and block malicious bots.

Geo-Blocking

Network traffic from different geographies can be suspicious, especially for organizations that cater to specific markets. WAFs can block malicious traffic at the geo-level.

DDoS Protection

In a DDoS attack, the attacker’s goal is to send an excessive number of requests to the server, making the server unresponsive. The rulesets that WAFs follow can be effectively adjusted against DDoS attacks. A robust WAF solution can help you increase your DDoS security by limiting traffic from certain sources.

Request Filtering

Controlling every incoming and outgoing HTTP request is one of the most basic tasks of WAFs. An effective WAF solution filters requests that it considers suspicious in line with rule sets and reports the situation to the relevant units.

Protection Against Sophisticated Attacks

OWASP or the Open Web Application Security Project, publishes a list of the top 10 most dangerous and sophisticated web application attack threats, including Cross-Site-Scripting (XSS) and SQL Injections. Effective protection against the items on this list is very important because these attack types are responsible for the majority of attacks on web applications and APIs. A properly selected WAF solution will help you effectively protect your e-commerce store from these threats.

CDNs, or content delivery networks, ensure that digital content is delivered to end users not directly but through geographically distributed data points. The geographical distribution of data points ensures that users consistently access content from the closest source, with very low latency.

When you use WAF solutions combined with CDNs, malicious traffic is detected and blocked at a much further point from your main server. Secure CDNs that offer an advanced WAF solution, both strengthen your security posture and reduce the load on the source server.