An API should have built-in protection against common threats, such as those in the OWASP Top 10 and OWASP API Security Top 10.
Many organizations struggle to keep up with updates and patching new vulnerabilities. A WAF should offer virtual patching, which blocks attempts to exploit known vulnerabilities.
New vulnerabilities are discovered every day. A WAF’s database of known attacks should be regularly updated to provide up-to-date protection.
Account takeover attacks (such as brute force password guessing or credential stuffing) are increasingly common. A WAF should automatically detect and block these attempted attacks.
Some attacks (such as cookie tampering and directory traversal) target the business logic of an application. A WAF should detect and block attempts to exploit these attack vectors.
A WAF should be able to correctly identify and report requests coming from known data centers (in contrast to requests coming from residential IP addresses), Tor exit points and proxy servers.
A WAF should provide comprehensive protection for websites of any type. This includes single page applications (SPA), websites, and web applications.
APIs are a growing and vital component of an organization’s digital infrastructure. A WAF should support common API protocols, including XML-based (like SOAP), JSON-based (like REST), GraphQL, and gRPC.
Serverless applications are growing in popularity. A WAF should be able to protect AWS Lambda, Azure Functions, and GCP Cloud Functions.
A WAF should be able to provide protection in any deployment environment. This includes public, private, hybrid, and multiple clouds, private data centers, Kubernetes clusters, and service-mesh.
Organizations are increasingly moving their applications to the cloud. A WAF should be designed to operate in cloud environments and take advantage of the cloud deployment (e.g. to be deployed in Kubernetes as a sidecar proxy or Ingress controller).
An organization may have multiple different sites (or multiple departments/subsidiaries) that it wants to protect against attacks. A WAF should offer multitenancy to enable multiple sites to be protected by a single solution with proper user permissions management capability.
High false positive rates commonly drive WAF users to deploy solutions in passive/monitoring mode. A WAF should offer a low false positive rate to make production deployment usable.
A signature-based WAF is typically more difficult to manage (add rules to avoid false positives) while keeping a high level of application protection. Your WAF should be able to block malicious requests without a need to manage signatures.
per customer and per application. A WAF should automatically learn the application structure and create the necessary security rules.
WAF solutions with a vendor cloud-based monitoring and protection module should provide SOC capability to customers as part of the subscription service.
Users should be able to deploy it to any public cloud, such as AWS, Azure or GCP.
A WAF should support a module-based integration in your existing NGINX load balancer.
It should be easy to deploy an auto scaling cluster of WAF nodes using provided Terraform automation code.
built on the modern tech stack and using REST, SOAP, gRPC, GraphQL, WebSocket.
A WAF should be able to automatically protect API endpoints without a need for the user to provide API schema definitions.
An organization’s security team needs to be able to easily determine the current status of its web security and respond to potential threats. A WAF should offer a web-based user-friendly dashboard to maximize the effectiveness of an organization’s security team.
Give me a pcap.
Most organizations are subject to a number of different regulations with associated security and reporting requirements. A WAF should offer support for common regulations (like PCI DSS or GDPR) and enable users to easily collect data and generate reports for auditors or regulatory authorities.
An organization’s security team may need to generate reports for executives, auditors, etc. A WAF should have integrated support for generating common reports.
WAF vendors should meet SOC2 compliance requirements and have a SOC2 certificate to meet customer standards and practices.
An organization needs to be able to easily configure its WAF to meet its unique business needs and install updates to take advantage of new features and functionality.
A WAF solution should provide a detailed documentation site about how to deploy and use the system.
Cyber protection is a key part of IT infrastructure today, and customers should be able to afford WAF protection relevant to their size and infrastructure maturity level.
Many WAF vendors make their pricing structure unclear and complicated, so customers are exposed to unexpected price increases with more traffic and usage. Ideally, WAF vendors should have a single trigger for price increases with a predictable and transparent pricing model, so customers can plan ahead for their operations growth.
A WAF should include a publicly-accessible API. This enables users to integrate it with a variety of different external solutions, such as log management with an ELK stack.
A WAF should incorporate support for webhooks - this enables the development of custom issue tracking and analytics platforms.
A Security Information and Event Management (SIEM) solution is designed to provide security data aggregation and analytics. A WAF should have integrations for major SIEM platforms: Splunk, Sumo Logic, IBM QRadar.
Adoption of DevOps principles means that development teams need to be able to automate testing and deployment activities. A WAF should integrate into DevOps pipelines to enable rapid configuration updates. A WAF should have built-in integrations for major DevOps tools like PagerDuty and OpsGenie.
Security teams need to rapidly respond to potential incidents. A WAF should include integration with common messaging platforms for instantaneous notifications: Slack & Microsoft Teams.
WAF customers should be able to customise and set event notifications (also known as “Triggers”), including integrations with SIEM, DevOps and messenger tools. Apart from notifications on events (like attacks), WAF customers should be able to use “smart” blocking techniques and set quick action rules.
WAF nodes should provide helpful monitoring metrics in the popular Prometheus format.
A WAF should automatically identify potential vulnerabilities within an organization’s applications. Detections should be based upon active/passive scanning, threat intelligence, and knowledge of public vulnerabilities.
A WAF should be capable of detecting and alerting on misconfigurations that impact the security or usability of an application or API.