Protect web infrastructure against DDoS, SQL injection, XSS, and SSL attacks

Attacks against the web have become more vicious than ever. Distributed Denial of Service (DDoS) attacks starve legitimate traffic of resources; SQL injection attacks pass through firewalls to steal data; Cross Site Scripting (XSS) attacks use unvalidated scripts for malicious activities; and legacy SSL protocols can reveal application data to the determined hacker. Every type of business, no matter the size or industry, requires protection to address these threats.

Citrix Networking solutions block all next-gen threats in one strategic, affordable platform. While protecting all layers of the computing stack, they provide accelerated app delivery and superior load balancing with 100 percent uptime.

DDoS attacks are resource wasters—they work by saturating network infrastructure so that it is unable to process legitimate traffic, making applications inaccessible. For a business, a web application that has crashed is no different than one that is under DDoS attack.

Citrix ADC and Citrix Web App Firewall easily thwart a variety of DDoS and DoS attacks, providing protection against tactics such as external entity references, recursive expansion, excessive nesting, and malicious messages containing either long attributes and elements or a large number of them.

SQL injection is commonly used to steal identity data and other sensitive information. By inserting unauthorized database commands into a vulnerable web site, an attacker may gain unrestricted access to the entire contents of a backend database.

Citrix Web App Firewall identifies and mitigates all kinds of SQL injection attacks. It also prevents all XML attacks by incorporating a rich set of XML-specific protections.

SSL-based attacks, in the absence of dedicated hardware for SSL termination and inspection, carry a heavy processing penalty. Citrix ADC protects against compute-intensive SSL-based DoS attacks, providing substantial coverage without the need to implement another set of dedicated devices. Dedicated SSL accelerators, which operate in conjunction with a full-proxy capability of identifying and dumping empty or malicious SSL connections, are instrumental in enabling Citrix ADC to fend off SSL flood attacks.

XSS attacks are commonly used to steal user identities, hijack user sessions, poison cookies, redirect users to malicious web sites, access restricted sites, and even launch false advertisements.

Citrix Web App Firewall has dynamic, context-sensitive capabilities to prevent XSS attacks. The platform looks for anything that resembles an HTML tag and checks it against allowed HTML attributes and tags to detect XSS attacks. Custom XSS patterns can be stored to modify this default list of tags and attributes. Both HTML and XML payloads are inspected. Field format protection and form field consistency are included.
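The tag and attribute allowlist check described above can be sketched as follows. This is an added example, not Citrix code: the default lists, the function name `audit_field`, and its `extra_*` / `denied_tags` parameters are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed default allowlists for illustration; not the product's actual lists.
DEFAULT_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}
DEFAULT_ATTRS = {"href", "title", "class"}


class _TagAuditor(HTMLParser):
    """Records every tag or attribute that is not on the allowlist."""

    def __init__(self, tags, attrs):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs = tags, attrs
        self.violations = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names, so mixed-case
        # input such as <ScRiPt> is compared in normalized form.
        if tag not in self.tags:
            self.violations.append(("tag", tag))
        for name, _value in attrs:
            if name not in self.attrs:
                self.violations.append(("attribute", f"{tag}.{name}"))


def audit_field(value, extra_tags=(), extra_attrs=(), denied_tags=()):
    """Return the allowlist violations found in one form-field value.

    extra_* and denied_tags stand in for site-specific customization of
    the default lists (hypothetical parameters).
    """
    tags = (DEFAULT_TAGS | set(extra_tags)) - set(denied_tags)
    attrs = DEFAULT_ATTRS | set(extra_attrs)
    auditor = _TagAuditor(tags, attrs)
    auditor.feed(value)
    auditor.close()
    return auditor.violations


if __name__ == "__main__":
    samples = [  # constructed inputs
        "Nice <b>post</b>!",
        '<img src="x.png" onerror="steal()">',
        "<ScRiPt>alert(1)</ScRiPt>",
    ]
    for s in samples:
        print(repr(s), "->", audit_field(s) or "clean")
```

A request whose field returns a non-empty list would be blocked or logged; relaxing the lists for one application (for example allowing `img` and `src`) is done per call rather than by editing the defaults.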

Citrix products

Citrix Web App Firewall

  • Industry’s highest-performing WAF
  • Protects web apps from known and zero-day application-layer attacks
  • Analyzes all bidirectional traffic to protect against an extensive range of threats

Citrix ADC

  • Provides web app security and optimization through a single, strategic platform
  • Offers app acceleration and superior load balancing
  • Protects against all DDoS threats, using a layered security model