Storm's Web Application Firewall (WAF) is an intelligent gateway that qualifies traffic to your web application. Malicious visitors and traffic are blocked or redirected, even when masked as legitimate traffic. With a WAF you're protected against attacks like cross-site scripting (XSS), SQL injections, remote file inclusion and execution, and more.
Log into the Storm Security Centre and activate your Web Application Firewall in a few clicks. Pre-configured rule sets protect against common and less common forms of attacks, which means less work and more end-to-end application security.
Custom WAF rule support comes standard with Storm's PCI-DSS 3.2 compliant CloudFlare package. Easily whitelist legitimate traffic and reduce false positives for more accurate organisation-specific protection of your critical applications and data.
Storm's Web Application Firewall delivers learned intelligence from threats detected and blocked across 10,000,000 websites. New threats are automatically added to your active rule set, delivering 24/7 cutting-edge protection.
OWASP ModSecurity Core Rule Set (CRS) delivers WAF attack prevention based on broad consensus critical security risks. Protection against the OWASP Top Ten list of critical threats is automatically included. OWASP project members consist of security experts from around the world who share their expertise.
|What is a Web Application Firewall (WAF)? (Show Answer)|
|A web application firewall filters HTTP conversations (traffic passing between your server and other computers). Rules are applied during the filtering process to eliminate threats and attacks, some of which may include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), OS command injections, malicious file execution, and more.|
|Why do I need a Web Application Firewall (WAF)? (Show Answer)|
|Traditional firewalls won't necessarily qualify traffic that comes to your site – they typically block ports or listen for and redirect sudden spikes in bogus traffic common with attacks like DDoS. A WAF fills this gap, listening on the application layer and examining every request that comes to your site. It is a necessity, given that some attacks may masquerade as legitimate requests to your site to gain entry.|
|What is OWASP? (Show Answer)|
|The Open Web Application Security Project (OWASP) is a global non-profit organisation focused on application security. OWASP provides freely-available articles, methodologies, documentation, tools, and technologies to create awareness of, and enhance online application security.|