Over 70 percent of successful Internet attacks now exploit application vulnerabilities. AppFirewall secures web applications, prevents inadvertent or intentional disclosure of confidential information and aids in compliance with information security regulations such as PCI-DSS. AppFirewall is available as a standalone security appliance or as a fully integrated module of the NetScaler application delivery solution and is included with Citrix NetScaler, Platinum Edition.
Rapid deployment with built-in intelligence
High performance web application firewall
AppFirewall, the industry's highest performing web application security solution, protects web servers without degrading throughput or application response times. AppFirewall blocks application-level and other attacks, regardless of complexity or processing power required, at over a gigabit per second rates.
Proven protection against attacks
The AppFirewall hybrid security model blocks all known and day-zero application-layer attacks. Web application behavior deviating from normal application use is treated as potentially malicious and blocked. A second level of protection is provided through the efficient scanning of thousands of automatically updated signatures.
Below are the key protection tactics employed by NetScaler AppFirewall.
A cross-site scripting attack (XSS), sends a web application an unvalidated script that activates when it is read by the browser or application to steal user identities, hijack user sessions, poison cookies, redirect users to malicious web sites, access restricted sites and even launch false advertisements. AppFirewall has dynamic context sensitive XSS attack protections that looks for anything that looks like an HTML tag and checks against allowed HTML attributes and tags to detect XSS attacks. Custom XSS patterns can be stored to modify this default list of tags and attributes. Both HTML and XML payloads are inspected. Field format protection and form field consistency is included.
Cross-Site Request Forgery
Cross-site request forgery (CSRF) attacks post an executable script that will run on a browser. An unsuspecting user will download the page and the script sends a forged HTTP request, including the victim's session cookie and any other authentication information, to a vulnerable web application. To block such attacks, AppFirewall provides CSRF form tagging where a unique token is added to each form sent to the client and requests are checked to see if it contains the unique tag ID provided by NetScaler. In addition, referrer header protection is included whereby CSRF attacks are blocked by checking if the referrer header is coming from an authorized site.
Web applications have database access privileges and are used to get to the SQL database. Fragments of SQL commands are sent to the web applications which in turn are passed to databases for execution. AppFirewall protects against SQL injection by monitoring for a combination of SQL key words and punctuation. Custom injection patterns can be stored to protect against any type of injection attack including XPath and LDAP. Field format protection features allow the administrator to restrict any user parameter to a regular expression. Form fields are checked for consistency to validate user forms against the user session form signatures to ensure validity of all form elements.
AppFirewall includes a rich set of XML-specific security protections and secures all flavors of XML. These include schema validation to thoroughly verify SOAP messages and XML payloads, and a powerful XML attachment check to block attachments containing malicious executables or viruses. AppFirewall also thwarts a variety of DoS attacks, including external entity references, recursive expansion, excessive nesting and malicious messages containing either long or a large number of attributes and elements. Advanced XML Protections include WSDL Scanning prevention and blocking of XPath injection attacks.
Buffer overflow attacks, among the most common application-layer exploits (Code Red and Nimda are well-known examples), attempt to overflow an input buffer with excessive data, enabling it to run a remote shell on the machine and gain the same system privileges granted to the application being attacked. AppFirewall performs a deep stream inspection on all HTTP traffic to block buffer overflows anywhere in a client request and limits input parameter sizes for URLs, headers and cookies.
AppFirewall business object protection prevents the unauthorized and inadvertent leakage of sensitive customer or corporate information. If a sensitive data object is detected in a server response, AppFirewall can block the page, strip or mask the object. AppFirewall ensures that no information is sent from the web server that would compromise customer data and result in potential identity theft. Citrix Business Object Protection modules are ideal for achieving regulatory compliance with Gramm-Leach-Bliley, the California Database Breach Act and other privacy mandates.
Additional known and unknown attacks
These are just a handful of ways that AppFirewall secures your applications from attacks. Dozens of other incursions that are stopped include form field protection, cookie poisoning, forceful browsing and other customizable injection techniques. Signature scanning quickly and efficiently checks against and blocks thousands of known application attack vectors.