Web Application Firewalls

Filter and block nonessential traffic at the application layer.

Web-application firewalls (WAFs) filter and block nonessential traffic at the application layer.

Used in conjunction with a network-based firewall, a properly configured web-application firewall prevents application-layer attacks even if applications are improperly coded or configured. This can be achieved through a combination of technology and process. Process-based solutions must have mechanisms that facilitate timely responses to alerts in order to meet the intent of this requirement, which is to prevent attacks.

The Citrix NetScaler AppFirewall specifically addresses PCI DSS requirement 6.6:

For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:

  • Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes
  • Installing an automated technical solution that detects and prevents web-based attacks (for example, a web application firewall) in front of public-facing web applications, to continually check all traffic.

Citrix NetScaler is an all-in-one application delivery controller that enables organizations to address all of their web application security and optimization needs with a single, strategic platform.

In addition to supporting NetScaler AppFirewall, NetScaler provides an extensive set of load balancing, application acceleration and infrastructure layer security capabilities – including extensive protections against DDoS attacks. The result is a highly cost-effective solution that thoroughly secures an organization’s web applications at the same time that it substantially enhances their performance, accessibility, and availability.

NetScaler AppFirewall™ is the industry’s highest performing, ICSA-certified and NSS Labs Recommended solution for protecting web and web services applications from all known and zero-day application-layer attacks.

Featuring a hybrid security model, NetScaler AppFirewall blocks all deviations from normal application behavior while efficiently scanning for thousands of automatically updated threat and vulnerability signatures. It analyzes all bi-directional traffic, including SSL-encrypted sessions, to protect against an extensive range of threats without any modification to the applications it’s defending.

In support of PCI security audits, NetScaler AppFirewall can generate a comprehensive report that not only details all security protections defined in the application firewall policy that pertain to PCI requirements, but also highlights those configuration settings that are “out-of-compliance.” In addition, administrators can configure it to prevent the inadvertent leakage or theft of sensitive information, such as credit card numbers or custom-defined data objects, by either removing or masking content from application responses, so that sensitive information is not disclosed to anyone without a “need to know.”

For more detailed information on WHOA.com’s Web Application Firewall Service or any of our managed or professional services, please contact us.