As a reverse proxy, Barracuda Web Application Firewall and WAF-as-a-Service intercept and secure all URLs against attacks. This means that attacks that use the actual URL surface are defeated and includes examination of the entire URL for malicious inputs.
Incoming requests are checked for valid content—in terms of both protocol correctness and allowed sizes—to protect the backend application’s parser against targeted attacks.
API traffic is inspected for attack patterns using our Smart Signature technology. All user inputs are validated against these Smart Signatures to detect attacks such as XML external entities, SQL injections, and more.
Using the API specification, Barracuda automatically creates and enforces gradual positive security down to the key level. This enforcement adds a layer of protection over the signature enforcement layer.
Outgoing traffic can be inspected for specific patterns like SSN’s, national identity numbers, credit card numbers, etc. to strip them out and prevent data leakage.