A Web Application Firewall (WAF) is a layer 7 Firewall (often called proxy firewalls). Because it acts on the application layer, it may inspect the contents of the traffic, blocking specified content, such as certain websites, viruses and attempts to exploit known logical flaws in client software.

The disadvantage of a WAF is that the configuration needs a certain level of web security expertise. This is one of the main reasons why most organizations do not have yet a WAF installed. ZION SECURED WAMAF however is security as a service and completely managed and monitored by our web security experts.

ZION SECURED WAMAF protects your web site(s) and web server(s) against attacks and generates detailed reports of detected attacks, like an anti-virus software protects a computer. Of course this is more complex than an anti-virus software because every web site is different due to custom development. There are default software solutions like a content management system (e.g: Drupal & Sharepoint), but they require custom development most of the time to make integration with the underlying systems possible.

The biggest advantage of a WAMAF is that it only looks to the traffic to the website and not to the traffic to the underlying systems. These underlying systems are in most cases protected by a network firewall in a Demilitarized Zone (DMZ).

A WAMAF can:

1. Inspect HTTP traffic to detect attacks
2. Decrypt HTTPS or translate from HTTP to HTTPS
3. Be used as an infrastructure component or as web server component
4. Protect your web site against malware

The Basic version has limited WAF functionality. The Advanced and Pro versions have full WAF functionality.

Basic:

• Minimum configuration according to the web site that has to be secured
• Uses negative security model: the blocking of known attacks based on a blacklist
• Limited statistics for customers
• Black-list monitoring for malware

Advanced:

• Uses positive security model: the blocking of known attacks based on a blacklist with additionally it learns how the application works through a learning process
• Load-balancing of underlying web servers
• Output filtering
• High availability
• Portal for customers with detailed statistics
• Black-list monitoring for malware
• Scanning of web pages for malware and blocking these in case of problems

If a site has been infected with malware, there is a good chance the site will get blacklisted by Google, Firefox, Internet Explorer, and/or the desktop anti-virus companies. If this happens, the website will suffer losses of traffic, revenue and brand.

Often, sites first discover that they have been blacklisted when a customer notifies them of the blacklisting. We provide an alert service to help websites react quickly if their site has been blacklisted.

The Blacklist Monitoring solution frequently checks your website against a variety of blacklists. If the website appears on a blacklist, you receive an instant alert. You can subsequently return to our experts and diagnose any problems with the blacklisted site.

Your Key Benefits:

• Minimize losses by reacting quickly if your website is blacklisted
• Checks your website regularly against a variety of important blacklists including Google, Firefox, Chrome, and others
• Get an instant alert if your site is blacklisted

This is a reactive solution due to the fact that you are already infected and blacklisted when you receive this alert. The main advantage is that you know you are blacklisted and that you can react quickly.

Our customers receive statistics about the source IP, the number of attacks, the origin of the attacks, the attack class and the risk of the attack when exploited. This is very useful information for your organization. At this moment customers receive statistics by mail. We are now building a portal where customers can login to consult real-time statistics.

For example, ZION SECURED WAMAF detected the following attacks on our website on the 28th and the 29th of Januari 2010.

Our ZION SECURED WAMAF solution blocks malware attacks in the cloud. On top of that, we scan your website for malware infections. If we detect that your website has been infected, the web page will be blocked by our WAMAF from visitors and you will receive an immediate alert with diagnostic information to remove the infection.

Armed with the diagnostic information, you (or the web hosting provider) can remove the malicious code, in many cases before the site would get blacklisted.

As a result, the site can continue to operate as normal and avoid getting blacklisted, even after suffering a malware attack. We continue to monitor the site and send alerts if malware activity is detected in the future.

For example Javascript viruses will be immediately detected and escalated to the customer to prevent that visitors of the customer's web site are infected.

Your Key Benefits:

• Avoid getting blacklisted (and avoid revenue and brand losses) with regular scans of your site and malware blocking in the cloud
• Instant alerts of malware activity on your site (most often before blacklisting occurs)
• Actionable information to resolve the malware problem quickly and avoid getting blacklisted

VERIFIED closes the gap between detecting, fixing and retesting vulnerabilities in your web applications.

VERIFIED scans your web applications at regular intervals. We find your vulnerabilities, propose a solution to your development team and prove that they were resolved by verifying the solution.

Our service consists of a combination of software and manual tests. The software comes from WhiteHat, an American web application security company. This software has been especially developed to test and scan (custom) web applications, what makes it unique in the market.

Aside from using the software to test your applications, our security experts also perform manual tests on your critical applications.

VERIFIED handles your web applications vulnerability management for you. However, it also puts you in the uiver's seat of multitude tasks that put you in charge.

You can:

• Request to schedule a new scan for an application.
• Request a manual retest of a vulnerability that you already addressed.
• Send a general support question about software security.
• Receive vulnerability reports in HTML format. As VERIFIED identifies vulnerabilities, it classifies them according to the 24 Web Application Security Consortium (WASC) vulnerability classes and the OWASP Top 10.
• ...

VERIFIED scans for business logic flaws and vulnerabilities. It tests for example the OWASP Top 10 and the WASC 24 classes. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. VERIFIED is always up to date with the newest vulnerabilities.

A fast and safe Web Application Firewall (WAF) integration closes the loop between vulnerability detection and mitigation. VERIFIED integrates with ZION SECURED WAMAF. If VERIFIED finds a vulnerability, ZION SECURED WAMAF will create a virtual patch to block the vulnerability.

blabla test

blabla test