WAF (Web Application Firewall)
Definition
WAF Modes
How WAF Works
FortiWeb
Web apps and API protection
FortiWeb Features
FortiWeb Form Factors
WAF Definition
A web application firewall (WAF) is a layer 7 appliance that protects web
applications from a variety of application-layer attacks, such as SQL
injection, HTTP flood, and cross-site scripting.
WAF Modes
• Learning Mode: the WAF learns what the normal behavior of client inputs is.
• Passive Mode: the WAF does not block malicious inputs; it only logs them.
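The two modes above, sketched as an added example that is not FortiWeb code or part of the original slides. The class name, the per-parameter profile (maximum length and character classes) and the sample requests are assumptions made for illustration.

```python
from collections import defaultdict

def char_classes(value):
    # Coarse character classes; punctuation is kept exact.
    return {"alpha" if c.isalpha() else "digit" if c.isdigit()
            else "space" if c.isspace() else "punct:" + c for c in value}

class ModeDemoWAF:
    """Toy WAF (hypothetical) that supports learning and passive mode."""

    def __init__(self):
        self.mode = "learning"
        # Assumed profile: per-parameter max length and character classes.
        self.profile = defaultdict(lambda: {"max_len": 0, "classes": set()})
        self.log = []

    def handle(self, params):
        """Process one request; return True if it is forwarded to the app."""
        for name, value in params.items():
            if self.mode == "learning":
                # Learning mode: widen the profile of normal client input.
                p = self.profile[name]
                p["max_len"] = max(p["max_len"], len(value))
                p["classes"] |= char_classes(value)
                continue
            # Passive mode: compare with the profile and only log deviations.
            p = self.profile.get(name)
            if p is None:
                self.log.append((name, "parameter never seen while learning"))
                continue
            if len(value) > p["max_len"]:
                self.log.append((name, "longer than learned maximum"))
            unseen = char_classes(value) - p["classes"]
            if unseen:
                self.log.append((name, "unseen: " + ", ".join(sorted(unseen))))
        # Passive mode never blocks; forwarding during learning is an assumption.
        return True

def demo():
    waf = ModeDemoWAF()
    # Constructed "normal" traffic used to build the profile.
    for req in ({"user": "alice", "id": "42"}, {"user": "bob smith", "id": "1007"}):
        waf.handle(req)
    waf.mode = "passive"
    # Constructed anomalous request: forwarded, but logged.
    forwarded = waf.handle({"user": "x' OR '1'='1", "id": "7"})
    return forwarded, waf.log
```

In passive mode the anomalous request still reaches the application; the only effect is the two log entries for the `user` parameter, which is what makes this mode useful for tuning a profile before any blocking is enabled.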
How WAF Works
API-Based Applications
• Rely on more powerful clients to process raw data
• Better performance
• Better user experience for mobile devices.
[Diagram labels: API get, raw data]
FortiWeb Features
Layered Application protection
ATTACKS/THREATS | PROTECTION LAYER
BOTNETS, MALICIOUS HOSTS, ANONYMOUS PROXIES, DDOS SOURCES | IP REPUTATION
APPLICATION LEVEL DDOS ATTACKS | DDOS PROTECTION
KNOWN APPLICATION ATTACK TYPES | ATTACK SIGNATURES
VIRUSES, MALWARE, LOSS OF DATA | ANTIVIRUS / DLP
FORTIGATE AND FORTISANDBOX APT DETECTION | INTEGRATION
SCANNERS, CRAWLERS, SCRAPERS, CREDENTIAL STUFFING | ADVANCED PROTECTION
[Diagram labels: CORRELATION, APPLICATION]
FortiWeb Form Factors
Multiple options for maximum deployment flexibility
SaaS
Any questions?