DenyAll Web Services Firewall is a standalone product which can also be deployed as an extension of DenyAll Web Application Firewall. It leverages the administration versatility of the platform to provide security for IT process relying on XML/SOAP traffic and APIs. Use it to route and optimize Web services, ensure machine-to-machine communications within your IT and with partners are not the subject of denial of service and intrusion attacks.
OVERVIEWEasy. Effective. Cost Effective.
BENEFITSDiscover why relying on DenyAll WSF is the right decision for you
Because you need your admins and developers to collaborate and release code fast without losing time on repetitive tasks.
Because you need to actually block attacks targeting your Web Services and can’t afford false positive to be generated.
Application Security Innovation
Because you know old recipes don’t work and want to take advantage of innovative approaches in application security
Because you need to discover those unprotected, vulnerable web services members and make sure they are covered too.
Because you need to protect all web services members, including those outside of your direct control.
NextGen Application Security
Because protecting your IT requires an integrated solution, combining scanning, web application/services security and user access.
FEATURESWith DenyAll Web Services Firewall, optimize the performance and security of your Web Services
Optimizing XML traffic and configuring Web Services security is as simple as dropping boxes and dragging arrows. Making complex data flows and policy understandable by people not familiar with that.
Automate basic administrative tasks, including initial setup and policy configuration, on-going monitoring and reporting activities.
XML parsing and scheme validation for DTD, WSDL, XSD, WADL. REST profiling and security using JSON or XML formats. Extensive xPath injection protection filters.
Ability to encrypt and decrypt parts of the content. SAML authentication integration as a Service Provider. Can also act as the Identity Provider (IDP) at the same time, or be integrated with any other IDP.
Check all incoming namespaces, nodes, types and all possible values to understand how the web service actually works.
Use WSF logs to simulate the data running through a new version of the security policy, before validating it, making sure legal requests are not blocked. Or understand what happened, after the fact.
Use DenyAll Vulnerability Manager to verify the efficiency of your security policy. DenyAll WSF can read the scan report and suggest configuration changes, thus virtually patching vulnerabilities.
DenyAll WAF adds the ability to secure http/https traffic. DenyAll WAM handles Web SSO for users, beyond the various authentication methods already supported (client certificates, SAML, Radius, LDAP, etc).