Protect web infrastructure against DDoS, SQL injection, XSS, and SSL attacks

Mitigate threats by blocking known and emerging threats in one platform

Attacks against web applications and infrastructure have become more common and destructive than ever. Distributed Denial of Service (DDoS) attacks prevent legitimate users and traffic from getting the resources they need. SQL injection attacks pass through firewalls to exfiltrate data and infect corporate networks. Cross Site Scripting (XSS) attacks use unvalidated scripts for malicious activities. Legacy SSL protocols are more vulnerable than ever, and reveal application data to hackers. Every type of business, no matter the size or industry, requires protection to address these threats.

DDoS attacks work by using multiple origin points to saturate network applications with traffic. Spreading the traffic across many sources makes it difficult to identify a single attacker, while applications crash and can no longer serve legitimate users. For a business, this translates to measurable lost revenue while critical applications are down.

Citrix ADC and Citrix Web App Firewall prevent a variety of DDoS and DoS attacks, providing protection against tactics such as:

  • External entity references
  • Recursive expansion
  • Excessive nesting
  • Malicious messages

SQL injection is commonly used to steal identity data and other sensitive information. By inserting unauthorized database commands into a vulnerable website, an attacker may gain unrestricted access to the entire contents of a backend database.

Citrix Web App Firewall identifies and mitigates a variety of SQL injection attacks. It also prevents XML and JSON attacks through payload inspection, via a rich set of specific protections.

SSL-based attacks, in the absence of dedicated hardware for SSL termination and inspection, carry a heavy processing penalty. Working with Citrix Web App Firewall, Citrix ADC protects against compute-intensive SSL-based DoS attacks, providing broad coverage without the need to implement another set of dedicated devices.

XSS attacks are commonly used to steal user identities, hijack user sessions, poison cookies, redirect users to malicious websites, access restricted sites, and even launch false advertisements.

Citrix Web App Firewall has dynamic, context-sensitive capabilities to prevent XSS attacks. The platform searches for anything that looks like an HTML tag and checks it against the allowed HTML attributes and tags to detect attacks. Custom XSS patterns can be stored to modify this default list of tags and attributes. HTML, XML, and JSON payloads are inspected, and field format protection and form field consistency are included.

Citrix products

Citrix Web App Firewall

  • Industry’s highest-performing WAF
  • Ensures PCI DSS compliance
  • Protects web apps from known and emerging threats

Citrix ADC

  • Provides web app firewall as part of a broad suite of services through a single platform
  • Offers load balancing, infrastructure-layer security, DDoS defense, and content inspection
  • Centralizes reporting, management, and orchestration into Citrix Application Delivery Management