Web Application Firewall (WAF)

FortiWeb-based service for tracking and blocking known and new attacks on the web application.

Web Application Firewall (WAF)

Critical web applications protection
Protect the website, online store, payment systems, user accounts and other web applications from known and new attacks, including those in OWASP-10.
Meeting the requirements of PCI DSS standard
The WAF service is certified by the PCI DSS, which makes it easier to meet the requirements of the system in terms of protection against attacks.

Why do you need WAF

Web applications have vulnerabilities

72% of perimeter intrusions coming from the exploitation of web application vulnerabilities (according to the Positive Technologies report).

High speed of web applications development

A new release comes out almost every two weeks.
Testing is aimed at functionality test and does not reveal all potential vulnerabilities.

Common firewall and IPS are not enough

The firewall runs at L3 L4 levels. IPS works with the known attacks. It doesn’t know anything about a protected web application, user, session, so it can’t always protect against an attack.

WAF protects against the most common vulnerabilities and attacks
  • Incorrect security settings.
  • Cross-site Scripting.
  • SQL injections.
  • Сross Site Request Forgery.
  • Session hijacking.
  • Authentication weaknesses.
  • Access control weaknesses.
  • External entities XML (XXE).
Service features

Protection of the web application at the level of the L7 network protocols: HTTPS, HTTP, FTP.

Analysis of each client’s behavior during the application session.

Automatic detection and blocking of attacks.

Detailed reports on recorded and repulsed attacks.

On request: connecting to the selected installation with advanced visualization capabilities.

How it works

1. We place your web application behind our WAF and AntiDDoS.

2. We scan the web application with Qualys and identify vulnerabilities. Based on this report, we form WAF policies.

3. WAF blocks attacks and suspicious requests to the web application.

4. The Dataline Cybersecurity Center monitors the operation of the service:
- analyze the attacks,
- investigate attempted break-ins,
- complement the policies,
- provide you with report (attack types, source countries, WAF response to attack).

1. We place your web application behind our WAF and AntiDDoS.

2. We scan the web application with Qualys and identify vulnerabilities. Based on this report, we form WAF policies.

3. WAF blocks attacks and suspicious requests to the web application.

4. The Dataline Cybersecurity Center monitors the operation of the service:
- analyze the attacks,
- investigate attempted break-ins,
- complement the policies,
- provide you with report (attack types, source countries, WAF response to attack).

SLA – your personal quality control

For all "Web Application Firewall (WAF)" clients we provide a detailed Service Level Agreement (SLA). Key parameters and indicators, we are financially liable for, are listed below:

21 minutes maximum downtime per month

≤ 1 hour suppressing complex non-typical attacks from the moment of request or detection of an attack

24x7 technical support via email or by phone

≤15 minutes incident response time

WAF advantages

Minimum false positive rate due to self-learning mechanisms that detect anomalies and determine whether they are threats.

The WAF service is certified by the PCI DSS, which makes it easier to pass the certification standard.

Operational tracking of atypical events and quick reaction to attack.

Flexible pricing based on traffic volume.