Scribd Logo
Upload

Welcome to Scribd!

  • 19 views

    WAF (Web Application Firewall)

    Uploaded by

    Saleh Mostafa
    This document discusses web application firewalls (WAFs) and FortiWeb. It defines a WAF as a layer 7 appliance that protects web applications from application layer attacks. It describes the different modes WAFs can operate in, including learning, active, and passive modes. It also explains how WAFs work by learning normal traffic patterns, then blocking requests that deviate from normal behaviors based on signatures. The document discusses how FortiWeb can protect both traditional and API-based web applications, and lists some of its features like bot mitigation, advanced protections, behavioral validation, and integration with Fortinet products. Finally, it outlines the different form factors FortiWeb is available in, including appliances, virtual machines, public cloud

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    WAF (Web Application Firewall)

    Uploaded by

    Saleh Mostafa
    19 views11 pages
    This document discusses web application firewalls (WAFs) and FortiWeb. It defines a WAF as a layer 7 appliance that protects web applications from application layer attacks. It describes the different modes WAFs can operate in, including learning, active, and passive modes. It also explains how WAFs work by learning normal traffic patterns, then blocking requests that deviate from normal behaviors based on signatures. The document discusses how FortiWeb can protect both traditional and API-based web applications, and lists some of its features like bot mitigation, advanced protections, behavioral validation, and integration with Fortinet products. Finally, it outlines the different form factors FortiWeb is available in, including appliances, virtual machines, public cloud

    Original Description:

    Original Title

    Waf

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses web application firewalls (WAFs) and FortiWeb. It defines a WAF as a layer 7 appliance that protects web applications from application layer attacks. It describes the different modes WAFs can operate in, including learning, active, and passive modes. It also explains how WAFs work by learning normal traffic patterns, then blocking requests that deviate from normal behaviors based on signatures. The document discusses how FortiWeb can protect both traditional and API-based web applications, and lists some of its features like bot mitigation, advanced protections, behavioral validation, and integration with Fortinet products. Finally, it outlines the different form factors FortiWeb is available in, including appliances, virtual machines, public cloud

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    19 views11 pages

    WAF (Web Application Firewall)

    Uploaded by

    Saleh Mostafa
    This document discusses web application firewalls (WAFs) and FortiWeb. It defines a WAF as a layer 7 appliance that protects web applications from application layer attacks. It describes the different modes WAFs can operate in, including learning, active, and passive modes. It also explains how WAFs work by learning normal traffic patterns, then blocking requests that deviate from normal behaviors based on signatures. The document discusses how FortiWeb can protect both traditional and API-based web applications, and lists some of its features like bot mitigation, advanced protections, behavioral validation, and integration with Fortinet products. Finally, it outlines the different form factors FortiWeb is available in, including appliances, virtual machines, public cloud

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 11

    WA F

    (Web application firewall)


    AGENDA

     Definition
     WAF Modes
     How WAF Work
     FortiWeb
     Web apps and API protection
     FortiWeb Featuers
     FortiWeb Form Factors
    WAF Definition
    A web application firewall (WAF) is a layer 7 appliance, protects web
    applications from a variety of
    application layer attacks such as (SQL Injection, HTTP Flood, Cross site
    Scripting)
    WAF Modes
    • Learning Mode: learn the WAF, what’s the normal behavior of the Clients
    Inputs.

    • Active Mode: Block the malicious Inputs.

    • Passive Mode: don’t Block the malicious Inputs instead just Log it.
    How WAF Works

    1. WAF learn the normal traffic during the learning mode


    2. Malicious Traffic Signature Based
    3. signatures Based (IP, URL, User Agent, etc..)
    4. Abnormal Behaviors
    Web Application and API Protection
    FortiWeb addresses the key challenges that
    organizations face when deploying Internet-facing
    web applications:
    BOT MITIGATION

    • Web App Protection


    • Bot Mitigation
    • API Protection
    Traditional Web Applications vs. API Based Apps
    get
    Traditional Web Applications
    • Most processing takes place on
    the server
    HTML • Browser renders the HTML

    API get
    API Based Applications
    • Relies on more powerful clients
    to process raw data
    • Better performance
    • Better user experience for mobile
    devices.
    raw data
    8
    FortiWeb Features
    Layered Application protection

    ATTACKS/THREATS
    BOTNETS, MALICIOUS HOSTS, ANONYMOUS PROXIES, DDOS SOURCES IP REPUTATION
    APPLICATION LEVEL DDOS ATTACKS DDOS PROTECTION

    User/Device Threat Scoring


    IMPROPER HTTP RFC PROTOCOL VALIDATION

    CORRELATION
    KNOWN APPLICATION ATTACK TYPES ATTACK SIGNATURES
    VIRUSES, MALWARE, LOSS OF DATA ANTIVIRUS / DLP
    FORTIGATE AND FORTISANDBOX APT DETECTION INTEGRATION
    SCANNERS, CRAWLERS, SCRAPERS, CREDENTIAL STUFFING ADVANCED PROTECTION

    UNKNOWN APPLICATION ATTACKS WITH MACHINE LEARNING BEHAVIORAL VALIDATION

    APPLICATION

    9
    FortiWeb Form Factors
    Multiple options for maximum deployment flexibility

    SaaS

    Appliances Virtual Machines Public Cloud • Subscription based Container

    • 7 models • 5 VM models • 4 VM models • Based on data • 4 virtual appliances


    consumed and number
    • 25 Mbps to 20 Gbps • CPU-based • BYOL and On-demand • 25 Mbps to 2 Gbps
    of sites
    • Support for 10GE • Perpetual licensing • AWS, Azure, Google • Hosted by Fortinet • Docker support
    Cloud, Oracle Cloud
    • VMware, Hyper-V, Xen, • Delivered on AWS, • AWS ECS
    Citrix Xenserver, KVM, Azure, and GCP
    VirtualBox
    • Purchase with annual
    contracts or from the
    public cloud
    marketplaces
    Thanks!

    Any questions?

    You might also like