WAF – Web Application Firewall

With more and more complex applications being built, and more and more commercial value coming from an online presence. It’s not surprising more and more sites are being targeted both for data theft, and also hijacking purposes.

Now it’s not enough to simply sit behind a firewall and lock down ports to restrict access, you need to ensure that requests coming to your web server are both legitimate, but also non-destructive.

As such PALSS offers your first line of defense in securing your web application. We offer an always on Web Application Firewall. Just like a normal firewall we look at each request and inspect the contents for common attack vectors, if we detect such an attack then we stop the request on our system. So your application never gets exposed to this risk.

Some of the common exploits we protect against are

SQL Injection (SQLi)
Cross Site Scripting (XSS)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
Remote Code Execution (RCE)
PHP Code Injection
HTTP Protocol Violations
Session Fixation
Scanner Detection
Metadata/Error Leakages
Project Honey Pot Blacklist
GeoIP Country Blocking

These make up the core OWASP rule set, specially crafted to ensure we block requests the are damaging to your business, without impacting on your users

In addition to this core rule set, we add rules based on attack traffic patterns as they happen. We can offer bespoke services, such as hotlink protection, access restrictions etc, just contact us with your requirements and we will see how we can help you.