Yes, NetScaler features definitely align with the OWASP Top 10, especially the Application Firewall (AppFW) features! The Open Web Application Security Project (OWASP) released the Top 10 2013 for web security. This list goes through the most common web application vulnerabilities in detail. In response to many requests for the latest update on how our features align with the OWASP Top-10 2013, the list is below, along with a link to the document that covers this in more detail.
| OWASP Top-10 2013 | NetScaler features |
|---|---|
| A1 – Injection | Injection attack prevention (SQL or any other custom injections such as OS Command injection, XPath injection, LDAP injection, etc.). Auto update signature feature |
| A2 – Broken Authentication and Session Management | AAA, Cookie Tampering protection, Cookie Proxying, Cookie Encryption, CSRF tagging, Use SSL |
| A3 – Cross Site Scripting (XSS) | XSS Attack Prevention, Blocks all OWASP XSS cheat sheet attacks |
| A4 – Insecure Direct Object References | StartURL checks, AAA, Form protections & Cookie tampering protections |
| A5 – Security Misconfiguration | PCI reports. SSL features. Signature generation from vulnerability scan reports like Cenzic, Qualys, WhiteHat and IBM AppScan. In addition, very specific protections such as Cookie encryption, proxying, tampering, etc. |
| A6 – Sensitive Data Exposure | Credit Card protection, Safe Commerce, Cookie proxying & Cookie Encryption |
| A7 – Missing Function Level Access Control | Authorization security feature within AAA module of NetScaler, StartURL and ClosureURL |
| A8 – Cross Site Request Forgery | CSRF form tagging, Referer header validation |
| A9 – Using Components with Known Vulnerabilities | Vulnerability scan reports, Application Firewall Templates & Custom Signatures |
| A10 – Unvalidated Redirects and Forwards | Protections by policy control, field format protection configuration |
Here is the link to the full document mapping NetScaler features to the OWASP Top 10.
For further details on the features, check out the NetScaler eDocs as well.