How does the Edgenexus Web Application Firewall work?
The Edgenexus Web Application Firewall controls the input, output and access to and from an application by inspecting the HTTP conversation between the application and clients according to a set of rules.
These rules cover common attacks such as cross-site scripting (XSS), SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often unable to cover. The rules may also be used to enforce security policies required by PCI DSS or other security standards in order to block leakage of sensitive information such as credit card numbers.
By customising the rules to your application, many attacks can be identified and blocked. This customisation can take significant effort, and the rules need to be maintained as the application is modified. A set of PCI DSS rules comes as standard with the product and can be updated (assuming a valid support contract) via the software update function of the ALB-X.