Web Application Security Complete OWASP Protection Protect against all OWASP-listed attacks, including the “top 10” (SQL Injection, cross-site scripting, CSRF, etc.), and recent additions such as API protection. Advanced logging and reporting provides deep view into traffic and attack details, enabling administrators to block, throttle, redirect, or take several other actions to maintain complete protection. Application Learning (Adaptive Profiling) Build positive security profiles for applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular whitelist rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities. Server Cloaking Often the first step of a targeted attack is to probe public-facing applications to learn about the underlying servers, databases, and operating systems. Cloaking prevents attack reconnaissance by suppressing server banners, error messages, HTTP headers, return codes, debug information, or backend IP addresses from leaking to a potential attacker. URL Encryption Encrypt URLs before they are sent to clients, and ensure the original URLs or the directory structure are never exposed externally to prying eyes*. End users of the web applications interact and navigate the site using only encrypted URLs, which are decrypted by the WAF. The decryption process immediately identifies URL query or parameter tampering, malicious content injection or blind forceful browsing attacks. * WAF models 660 and above Geo-IP and IP Reputation Checking Using client source addresses, organizations can control access to web resources. The Barracuda Web Application Firewall can control access based on GeoIP to limit access only to specified regions. It is also integrated with the Barracuda Reputational Database and can identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Once an IP address is identified as a risk, administrators have the ability to block, limit, throttle, or issue a CAPTCHA challenge before allowing access. Integrations: MaxMind Virtual Patching and Vulnerability Scanner Integration Integrate with Barracuda Vulnerability Manager, Cenzic Hailstorm, HPE Security WebInspect, HPE Security Fortify On Demand, or IBM AppScan to automatically configure an application’s security template and protect against identified issues. All of this is automatic using the output data from the scanners (without any administrator intervention).Barracuda Web Application Firewall also integrates with over 20 vulnerability scanners via Denim Threadfix integration. Malware Protection and Anti-Virus Seamless integration with Barracuda Advanced Threat Protection (BATP) to provide security against advanced threats. Simply add BATP to the Barracuda WAF to block advanced zero-hour threats. By analyzing files in a CPU-emulation based sandbox, it can detect, and block malware embedded deep inside files uploaded to websites or web applications. Outbound Data Loss Prevention Inspects all outbound traffic for sensitive data leakage. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns are identified and can either blocked or masked without administrator intervention. Furthermore, the information is logged and can be used by administrators to find potential leaks.