Web Application Firewall (WAF) Certification

The Web Application Firewall works at the application layer – much higher than traditional solutions such as firewalls and IPS – to intercept all incoming and outgoing traffic to and from applications, validating and securing requests before they are allowed to pass through to back-end servers. These products understand the application logic, and have a detailed knowledge of the acceptable rules of engagement between the external client and the internal application server. They are thus capable of inspecting the content of each request and response and applying a complex set of rules in order to ensure that the client is not doing anything untoward. The Web Application Firewall is also designed to regulate each application to prevent manipulation and defacement, providing a safe environment for corporate data.

As part of its extensive Web Application Firewall test methodology, The NSS Group subjects each product to a brutal battery of tests that verify the stability and performance of each device tested, determine the accuracy and effectiveness of its security coverage, and ensure that the device will not block legitimate traffic. If a particular device has been designated as NSS Approved, customers can be confident that the device will not significantly impact network/host performance, cause network/host crashes, or otherwise block legitimate traffic.

To assess the complex matrix of WAF performance and security requirements, the NSS Group has developed a specialised lab environment that is able to exercise every facet of a Web Application Firewall product. The test suite contains hundreds of individual tests that evaluate these products in three main areas: performance and reliability, security effectiveness, and usability. This thorough review should give readers a complete perspective of the capabilities, maturity and suitability of the products tested for their particular needs.

It is worth pointing out that standards are very high, and not every product submitted for testing receives an NSS Approved award. The NSS Group WAF test methodologies have become the de facto standard for testing in-line WAF devices, and the NSS Approved logo is now an essential item on the list of requirements when purchasing these products.