Technology overview

Web Application Security

The technologies developed by Deny All security experts address the full range of web application security problems.
 

Protocol checking and canonicalization

Some attacks use the HTTP protocol inappropriately. Protocol checking ensures that the requests received comply with the protocol. Canonicalization reduces each request to a single normal form, so that attacks which try to reach resources that should not be accessible, such as directory traversal, cannot hide behind alternative encodings of the same path.
 

Anti Evasion

Attackers frequently encode their payloads to bypass application filtering. It is therefore vital to decode requests fully before filtering them. rWeb's decoding is configurable and thorough.
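The two preceding sections (protocol checking with canonicalization, and decoding before filtering) are illustrated below with an added example. This is not rWeb's code; it is a minimal decoder that percent-decodes repeatedly until the path is stable, rejects overlong UTF-8 and NUL bytes, resolves `..` lexically and refuses any path that climbs above the document root, with a strict request-line check in front of it. The decode-depth limit and the set of allowed methods are assumptions for the example.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3                      # assumption: nested encodings tolerated
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumption: methods the application uses


class CanonError(ValueError):
    """Raised when the request cannot be brought into a single canonical form."""


def decode_fully(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing.

    One pass turns %252e into %2e, not '.', so a filter that decodes once
    misses double-encoded traversal. Strict UTF-8 rejects overlong forms such
    as %c0%ae ('.' encoded in two bytes), a classic evasion."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        try:
            decoded = unquote(value, errors="strict")
        except UnicodeDecodeError as exc:
            raise CanonError("malformed or overlong UTF-8 in percent-encoding") from exc
        if decoded == value:
            return value
        value = decoded
    raise CanonError("encoding nested deeper than %d levels" % MAX_DECODE_ROUNDS)


def canonicalize_path(raw_path: str):
    """Return the canonical root-relative path, or None if the request must be rejected.

    '..' segments are resolved lexically; an attempt to climb above the document
    root (directory traversal) is rejected rather than silently clamped."""
    try:
        path = decode_fully(raw_path)
    except CanonError:
        return None
    if "\x00" in path:              # NUL truncation against C-based back ends
        return None
    path = path.replace("\\", "/")  # Windows back ends treat backslash as a separator
    stack = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not stack:
                return None         # escaped the document root
            stack.pop()
        else:
            stack.append(segment)
    return "/" + "/".join(stack)


def check_request_line(line: str):
    """Protocol check on the request line; returns the canonical path or None.

    Rejects unexpected methods, unknown HTTP versions, malformed spacing and
    targets that are not root-relative before any content filtering runs."""
    parts = line.split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if method not in ALLOWED_METHODS or version not in ("HTTP/1.0", "HTTP/1.1"):
        return None
    if not target.startswith("/"):
        return None
    return canonicalize_path(target.split("?", 1)[0])


if __name__ == "__main__":
    # Constructed request lines, not captured traffic.
    for line in ("GET /images/logo.png HTTP/1.1",
                 "GET /cgi-bin/..%2f..%2fetc/passwd HTTP/1.1",
                 "GET /a/%252e%252e/b HTTP/1.1",
                 "GET /%c0%ae%c0%ae/etc/passwd HTTP/1.1",
                 "TRACE / HTTP/1.1"):
        print(line, "->", check_request_line(line))
```

The same decode-then-normalise step must be applied to query parameters and headers before they reach the signature and scoring stages; a filter that matches on the raw request is exactly what the encoded payloads are designed to slip past.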
 

Anti DoS

Certain dynamic pages consume large amounts of application or database server resources each time they are called. The behavioural analysis module addresses this by associating the origin of each request with the number of calls it has made. Beyond a configured threshold, requests from that source are blocked.
 

The Black List

Every day, new vulnerabilities are discovered in web applications.
These vulnerabilities are recorded in the black list in the form of signatures.
If a request matches one of these signatures, it is rejected.
Security must not come at the expense of the user experience. This is why Deny All organises the black list into groups that are only evaluated when a request meets certain conditions, which avoids unnecessary resource consumption.
Deny All has its own monitoring unit, the DARC (DenyAll Research Center), whose task is to enrich and update the black list.
The black list takes effect immediately and requires no training.
 

The Scoring List

Many attacks are written in programming or command languages (SQL, shell, JavaScript and the like). Their structure varies from one attack to the next, so they cannot be identified reliably by the exact signatures of a black list.
In response to this problem, Deny All created the Scoring List, backed by 10 years of experience and research in the field of application filtering: it rates each request on the suspicious constructs it contains rather than matching it against fixed patterns.
The Scoring List takes effect immediately and requires no training.
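The contrast between the black list and the scoring list, as an added example that is not rWeb's or DARC's code: the black-list entries are precise patterns for known attacks and any hit rejects the request; the scoring entries are weak indicators of injection languages whose weights are summed and compared with a threshold, so an attack written in an unseen shape is still caught while a lone apostrophe in a surname is not. The patterns, weights and threshold are constructed for the example and would be tuned per application.

```python
import re
from urllib.parse import unquote

# Constructed black-list signatures: one precise pattern per known attack.
BLACKLIST = {
    "unix-passwd-file": re.compile(r"/etc/passwd"),
    "script-tag":       re.compile(r"<script\b"),
}

# Constructed scoring list: (indicator, weight). None is decisive on its own.
SCORING_LIST = [
    (re.compile(r"\bunion\b.*\bselect\b"), 5),
    (re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+"), 5),
    (re.compile(r"\b(select|insert|update|delete)\b"), 1),
    (re.compile(r"--\s*$|/\*.*\*/"), 2),
    (re.compile(r"\bsleep\s*\(|\bbenchmark\s*\("), 4),
    (re.compile(r"[;|`]"), 1),
]
SCORE_THRESHOLD = 5  # assumption: chosen for the example


def normalise(value: str) -> str:
    """Anti-evasion step: decode until stable and case-fold before matching."""
    previous = None
    while value != previous:           # repeat to undo double encoding
        previous, value = value, unquote(value)
    return value.replace("+", " ").lower()


def evaluate(query: str):
    """Return ('block', reason) or ('allow', score) for one raw query string."""
    text = normalise(query)
    for name, pattern in BLACKLIST.items():
        if pattern.search(text):
            return ("block", "blacklist:" + name)
    score = sum(weight for pattern, weight in SCORING_LIST if pattern.search(text))
    if score >= SCORE_THRESHOLD:
        return ("block", "score:%d" % score)
    return ("allow", score)


if __name__ == "__main__":
    # Constructed query strings, not captured traffic.
    for q in ("id=42", "q=select+your+favourite+book", "name=O'Brien",
              "id=1%20UNION%20SELECT%20password%20FROM%20users--",
              "id=1'%20OR%20'1'='1", "file=..%2F..%2Fetc%2Fpasswd"):
        print(q, "->", evaluate(q))
```

The grouping the page describes (only evaluating a signature group when a request meets certain conditions) would sit in front of `evaluate`: for instance, only running SQL-oriented entries on parameters of pages that actually query a database.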
 

The White List

The White List reinforces the level of security by defining the normal framework for using the web application (positive security). It verifies the integrity of exchanges between the client and the server and checks that calls for static and dynamic pages, and their parameters, conform to that framework.
rWeb defines three levels for the White List. These levels correspond to a trade-off between level of security and complexity of administration, on a scale ranging from the strictest level, where every element of the request is checked, to the "extension" level, which only verifies the extension of the pages called.
The white list rules, adapted to each application, are generated automatically using the site scanner Scanweb and the "Rules Wizard":
Scanweb explores all possible uses of the application, including applications that use JavaScript, while the Rules Wizard automatically generates the filtering rules from the results.
 

Stateful Tracking

Web applications send "session" data to browsers so that state persists from one request to the next. This may take the form of cookies or of data hidden in the web page (hidden form fields).
Some attacks attempt to modify this data in order to alter the functioning of the application.
rWeb uses a monitoring and verification mechanism to detect and block this type of tampering.
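One way a reverse proxy can verify session data it did not generate itself, as an added example that is not rWeb's mechanism: on the way out, the proxy appends an HMAC tag over the hidden fields (or cookie values) bound to the user's session; on the way back in, it recomputes the tag and rejects the request if any value was changed, added, removed or replayed from another session. The key, the tag field name and the sample fields are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a per-deployment secret known only to the reverse proxy.
# Constructed value for the example; never reuse it.
PROXY_KEY = b"example-key-do-not-reuse"
SIG_FIELD = "__proxy_sig"  # assumption: name of the field carrying the tag


def _tag(session_id: str, fields: dict) -> str:
    """HMAC-SHA256 over the session id and a canonical encoding of the fields.

    Binding the tag to the session id stops a value sealed in one session from
    being replayed in another; canonical JSON makes the encoding unambiguous."""
    payload = json.dumps([session_id, sorted(fields.items())], separators=(",", ":"))
    digest = hmac.new(PROXY_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def protect_fields(fields: dict, session_id: str) -> dict:
    """Outbound: add a tag covering the hidden fields sent to the browser."""
    sealed = dict(fields)
    sealed[SIG_FIELD] = _tag(session_id, fields)
    return sealed


def verify_fields(submitted: dict, session_id: str) -> bool:
    """Inbound: recompute the tag over what came back; any difference fails."""
    submitted = dict(submitted)
    presented = submitted.pop(SIG_FIELD, None)
    if presented is None:
        return False                      # tag stripped: treat as tampering
    expected = _tag(session_id, submitted)
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    # Constructed order form: the price must not be editable by the browser.
    sealed = protect_fields({"item": "42", "price": "19.99"}, "sess-a")
    print("untouched:", verify_fields(sealed, "sess-a"))
    print("price changed:", verify_fields(dict(sealed, price="0.01"), "sess-a"))
    print("other session:", verify_fields(sealed, "sess-b"))
```

The same `protect_fields`/`verify_fields` pair applies to cookie values: the proxy rewrites `Set-Cookie` on the way out and checks `Cookie` on the way in, so the application behind it never sees a session value it did not issue.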
 

Anti brute force

Attackers use readily available tools that generate automated authentication attempts. These tools use dictionaries or string generators to guess user passwords.
The behavioural analysis module detects these attempts and blocks requests from the attacker.
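The behavioural analysis described here and in the Anti DoS section above is the same mechanism applied to two kinds of event, so one added example serves both. It is not rWeb's module: a sliding-window counter keyed by (rule, source) that blocks the source for a configurable time once the count in the window passes the rule's threshold, replayed over a constructed access-log excerpt in which one client hammers an expensive page and another fails repeated logins. The paths, thresholds and addresses are assumptions for the example.

```python
import time
from collections import defaultdict, deque

# Rule name -> (max events, window seconds, block seconds). Constructed values;
# real thresholds are tuned to the page's cost and the user population.
RULES = {
    "expensive_page": (5, 10.0, 60.0),   # 6th call in 10 s blocks the source for 60 s
    "login_failure":  (3, 60.0, 300.0),  # 4th failed login in a minute blocks for 5 min
}


class BehaviouralLimiter:
    """Sliding-window event counter per (rule, source); blocks the source on overflow."""

    def __init__(self, rules, clock=time.monotonic):
        self.rules = rules
        self.clock = clock
        self.events = defaultdict(deque)
        self.blocked_until = {}

    def is_blocked(self, source) -> bool:
        until = self.blocked_until.get(source)
        if until is None:
            return False
        if self.clock() >= until:
            del self.blocked_until[source]   # block expired, source admitted again
            return False
        return True

    def record(self, rule, source) -> bool:
        """Register one event for the source; return True if it is now blocked."""
        if self.is_blocked(source):
            return True
        limit, window, block_for = self.rules[rule]
        now = self.clock()
        window_events = self.events[(rule, source)]
        window_events.append(now)
        while window_events and now - window_events[0] > window:
            window_events.popleft()          # forget events older than the window
        if len(window_events) > limit:
            self.blocked_until[source] = now + block_for
            window_events.clear()
            return True
        return False


def classify(path: str, status: int):
    """Map a request to the rule it counts against, if any (assumed application paths)."""
    if path == "/report.php":
        return "expensive_page"
    if path == "/login" and status == 401:
        return "login_failure"
    return None


def replay(log, rules=RULES):
    """Run the limiter over (time, source, path, status) records; return allow/block per record."""
    now = [0.0]
    limiter = BehaviouralLimiter(rules, clock=lambda: now[0])
    decisions = []
    for t, source, path, status in log:
        now[0] = t
        if limiter.is_blocked(source):       # blocked sources lose every request, not just the costly ones
            decisions.append("block")
            continue
        rule = classify(path, status)
        blocked = rule is not None and limiter.record(rule, source)
        decisions.append("block" if blocked else "allow")
    return decisions


# Constructed access-log excerpt: (seconds, client address, path, response status).
SAMPLE_LOG = [(t, "10.0.0.5", "/report.php", 200) for t in range(7)] + [
    (7, "10.0.0.9", "/login", 401), (8, "10.0.0.9", "/login", 401),
    (9, "10.0.0.9", "/login", 401), (10, "10.0.0.9", "/login", 401),
    (11, "10.0.0.9", "/index.html", 200),
    (12, "10.0.0.7", "/login", 200),
    (70, "10.0.0.5", "/report.php", 200),   # block on 10.0.0.5 has expired by now
]

if __name__ == "__main__":
    for record, decision in zip(SAMPLE_LOG, replay(SAMPLE_LOG)):
        print(record, "->", decision)
```

Login failures are counted on the response status, so the proxy must see the back end's reply (or be the authentication point itself) to apply the second rule; counting attempts rather than failures would also lock out a legitimate user who simply logs in often.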
 

Uploaded file check

Certain applications ask the user to upload files.
In this case an anti-virus check must be performed (locally or via ICAP) before the file is passed on to the web application.
 

Outgoing Filtering

Applications may divulge sensitive information in their error pages (stack traces, database error messages, software versions) that should not be visible to users. This information lets attackers fingerprint the application and map its attack surface.
It is also important to prevent the leakage of sensitive data such as credit card numbers (a PCI DSS requirement). Outgoing filtering addresses both problems by inspecting responses before they are returned to the client.
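An added example of both outgoing checks, not rWeb's implementation: responses that carry a 5xx status or a constructed list of back-end error markers are replaced by a generic page, and any 13- to 19-digit run that passes the Luhn check is masked down to its last four digits so that order or phone numbers are left alone. The marker list, the generic page and the sample responses are assumptions for the example.

```python
import re

# Runs of 13 to 19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed list of strings that betray the back end; real lists are longer.
LEAK_MARKERS = (
    "ORA-",                                   # Oracle error codes
    "You have an error in your SQL syntax",   # MySQL
    "Traceback (most recent call last)",      # Python stack trace
    "at java.",                               # Java stack frames
)
GENERIC_ERROR = "<html><body>An error occurred. Please try again later.</body></html>"


def luhn_ok(digits: str) -> bool:
    """Luhn check, so that order numbers and phone numbers are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Replace every Luhn-valid card number, keeping only the last four digits."""
    def replace(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        return "****" + digits[-4:] if luhn_ok(digits) else match.group(0)
    return PAN_CANDIDATE.sub(replace, text)


def filter_response(status: int, body: str):
    """Outbound filter: swap leaky error pages for a generic one, mask card numbers elsewhere."""
    if status >= 500 or any(marker in body for marker in LEAK_MARKERS):
        return (500, GENERIC_ERROR)
    return (status, mask_pans(body))


if __name__ == "__main__":
    # Constructed responses; 4111 1111 1111 1111 is a well-known test card number.
    for status, body in ((200, "Card 4111 1111 1111 1111 charged"),
                         (200, "Order 1234567812345678 shipped, call 0123456789"),
                         (200, "ORA-00933: SQL command not properly ended")):
        print(filter_response(status, body))
```

Masking rather than dropping the response keeps a receipt page usable while still satisfying the requirement that the full number never leaves the application; the trade-off is that a valid card number inside a binary or compressed body is invisible to this check unless the response is decompressed first.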
 

Virtual Patching

Security audits of web applications can uncover vulnerabilities which, in some cases, cannot be covered by the positive or negative security modules, such as horizontal privilege escalation (one user reaching another user's data through a parameter the application trusts).
The behavioural analysis module makes it possible to apply a virtual patch upstream, on the reverse proxy, to close the vulnerability immediately. This corrects the defect at once and gives development teams the time they need to fix the vulnerability properly in the application.
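What such a virtual patch looks like in code, as an added example that is not rWeb's rule language: for two assumed endpoints with a horizontal escalation defect (an account number taken from a query parameter, and an account number embedded in a download path), the proxy looks up the account the session actually belongs to and refuses any request for a different one. The endpoints, the session store and the request shape are constructed for the example.

```python
# Constructed session store as the proxy knows it after authenticating the user.
SESSIONS = {
    "sid-alice": {"user": "alice", "account": "1001"},
    "sid-bob":   {"user": "bob",   "account": "2002"},
}


def patch_account_view(request, session) -> bool:
    """Assumed defect: /account/view trusts ?account=...; enforce the session's own account."""
    return request["params"].get("account") == session["account"]


def patch_statement_download(request, session) -> bool:
    """Assumed defect: /statements/<account>/<file> does not check ownership of <account>."""
    return request["path"].startswith("/statements/%s/" % session["account"])


# Exact-path patches and prefix patches; both map an endpoint to the check that closes the hole.
VIRTUAL_PATCHES = {("GET", "/account/view"): patch_account_view}
PREFIX_PATCHES = [("GET", "/statements/", patch_statement_download)]


def apply_virtual_patches(request) -> bool:
    """Return True if the request may be forwarded, False if a virtual patch blocks it."""
    check = VIRTUAL_PATCHES.get((request["method"], request["path"]))
    if check is None:
        for method, prefix, fn in PREFIX_PATCHES:
            if request["method"] == method and request["path"].startswith(prefix):
                check = fn
                break
    if check is None:
        return True                 # no patch for this endpoint: normal filtering applies
    session = SESSIONS.get(request.get("cookies", {}).get("sid"))
    if session is None:
        return False                # patched endpoints require an authenticated session
    return check(request, session)


if __name__ == "__main__":
    # Constructed requests: alice reading her own account, then trying bob's.
    own = {"method": "GET", "path": "/account/view",
           "params": {"account": "1001"}, "cookies": {"sid": "sid-alice"}}
    print("own account:", apply_virtual_patches(own))
    print("other account:", apply_virtual_patches(dict(own, params={"account": "2002"})))
```

The patch only works because the proxy has an authoritative source for the session's identity; a virtual patch that read the account from another client-supplied value would move the defect rather than close it.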

 

Application Performance

“Security must not be at the expense of the user experience.”
 

Cache

rWeb provides cache functions for the static components of web pages (images, fixed text, etc.). This releases server resources for operations requiring processing power.
 

SSL Offloading

Web servers are relieved of SSL processing, which is very heavy in terms of CPU resources: the reverse proxy terminates SSL on their behalf.
 

TCP multiplexing

TCP multiplexing reduces the number of connections that a server has to handle and reduces the drain on resources for input/output processing.
 

Compression

On-the-fly compression reduces the size of the pages returned. This saves bandwidth and shortens transfer times.
 

Load Balancing

In order to deal with high traffic volumes and to satisfy the need to handle a growing number of users, it is important to have scalable infrastructure. The Load Balancing function responds to these requirements and also adds value in terms of service availability.
A health check is performed on each server in order to maintain a list of available servers. This test can go up to layer 7 (fetching a page and checking for an expected item on it).
SLB (Server Load Balancing) splits the traffic using different algorithms (round robin, number of requests, or weighting depending on server response times) and uses a persistence mechanism to ensure that a session remains on a single server.
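The three pieces of that paragraph (layer-7 health check, a distribution algorithm, session persistence) combined in one added example that is not rWeb's load balancer: a pool whose health check accepts a server only when its probe page contains an expected marker, weighted round robin over the healthy set, and a sticky table that pins a session to its server until that server fails the check. The server names, weights and probe responses are constructed for the example.

```python
class ServerPool:
    """Weighted round-robin over healthy servers with session persistence."""

    def __init__(self, servers, probe, expected_marker):
        self.servers = servers             # list of (name, weight)
        self.probe = probe                 # probe(name) -> page body, or None if unreachable
        self.expected_marker = expected_marker
        self.healthy = {name for name, _ in servers}
        self.sticky = {}                   # session id -> server name
        self.position = 0

    def health_check(self):
        """Layer-7 check: a server is up only if the probe page carries the expected text."""
        self.healthy = set()
        for name, _ in self.servers:
            body = self.probe(name)
            if body is not None and self.expected_marker in body:
                self.healthy.add(name)
        # sessions pinned to a server that just failed are re-balanced on their next request
        self.sticky = {sid: srv for sid, srv in self.sticky.items() if srv in self.healthy}
        return set(self.healthy)

    def pick(self, session_id=None):
        """Choose a server for a request; a known session stays where it was placed."""
        if session_id in self.sticky:
            return self.sticky[session_id]
        # expand each healthy server by its weight, then walk the ring
        ring = [name for name, weight in self.servers
                if name in self.healthy for _ in range(weight)]
        if not ring:
            return None                    # nothing healthy: the proxy serves an error page
        choice = ring[self.position % len(ring)]
        self.position += 1
        if session_id is not None:
            self.sticky[session_id] = choice
        return choice


# Constructed probe results standing in for real health-check responses.
PROBE_RESULTS = {"web1": "<title>Shop</title> ready",
                 "web2": "<title>Shop</title> ready",
                 "web3": "503 maintenance"}


def make_pool(results=PROBE_RESULTS):
    pool = ServerPool([("web1", 2), ("web2", 1), ("web3", 1)],
                      probe=lambda name: results.get(name),
                      expected_marker="<title>Shop</title>")
    pool.health_check()
    return pool


if __name__ == "__main__":
    pool = make_pool()
    print("healthy:", sorted(pool.healthy))
    print("anonymous requests:", [pool.pick() for _ in range(4)])
    print("session s1:", pool.pick("s1"), pool.pick("s1"))
```

Checking for a marker rather than just a 200 status is what makes the probe a layer-7 test: a server whose application has crashed behind a still-running web server returns a page, but not the expected one, and is taken out of rotation.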

 

Architecture Security

“An application firewall also improves the level of infrastructure security”
 

Reverse Proxy

Reverse Proxy technology improves the level of security by providing a protocol break and virtualising the application infrastructure. In addition, since all web flows are filtered and analysed, they can be sent securely to any point of the infrastructure.
 

Multi DMZ

Multi DMZ mode improves the level of infrastructure security by deploying the two rWeb components in two different DMZs: acceleration is performed in the public DMZ, filtering and authentication in the private DMZ. With this segmentation the web applications and databases can stay together at the core of the information system, and their use can be less tightly restricted because only already-filtered traffic reaches them.
 

Diode Mode

Rather than the public DMZ component pushing requests into the private DMZ, the filtering component in the private DMZ fetches the requests from the public DMZ. The firewall therefore needs only a single rule, allowing connections initiated from the private DMZ towards the public DMZ; no connection from the public DMZ into the private DMZ is ever authorised, making the private DMZ totally "watertight" in relation to the public DMZ.
 

High Availability

Our Appliance solutions implement high availability mechanisms that guarantee service continuity even in the event of a hardware failure.