Today two important software items have been implemented: (1) an important update to the DDoS protection structure, and (2) the addition of a web-app scanner.
DDoS protection software update
In the past months our R&D department completely rewrote the source code of our Cybersecurity DDoS protection service layer.
The filters (firewall rules) also got a huge update under the hood. Users will see a lot of similarity with the existing options, some options have been added, and the performance is enormous.
Now that the new underlying protection layer is in use, our team is able to add much more functionality that will integrate better with the new advanced layer 7 DDoS protection features of the Web Application Firewall (WAF). Therefore, we will start adding new features in the upcoming weeks. Stay tuned!
Sercurius' next step: the application scanner
Our goal of building a new and better Web Application Firewall cloud service starts with tailoring security precisely to the application. Otherwise it would be yet another OWASP Top 10 WAF like many others. Our WAF should be very specific, offering a tailor-made security layer per application.
90% of all Web Application Firewall (WAF) protected web applications in the world are currently using generic WAF rules that are useless for protecting their hosted application. It's like protecting yourself in a hot desert against the sun and also against a lot of snow. All this useless security functionality slows down the application and results in higher latency per HTTP(S) request, something everyone wants to avoid. Therefore, it's very important to use only WAF security rules that relate to the software of the hosted application. When a website without an SQL database is protected by SQL-based WAF rules, for example, latency goes up and there is an unnecessary chance of false positives.
To speed things up and make creating your WAF configuration easier, I added a brand-new App scanner to the Sercurius website. It looks for unique patterns in the source code of the website, the response headers, script variables, and uses several other methods to see which pieces of default software, such as Apache/IIS, PHP/ASP, WordPress/Joomla/Drupal, etc., your website is using. This information is used to create or activate the right WAF protection rules for it.
Play with it, have fun!
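A minimal sketch of the idea described above, added here as an illustration and not the Sercurius scanner's own code: response headers and page source of your own site are matched against signatures, and only the rule groups for the detected software are activated. The signature list, the `IMPLIES` table, the rule-group names and both sample responses are constructed assumptions.

```python
import re

# Hypothetical signatures: (technology, where to look, regex).
# "header:<name>" checks one response header, "body" checks the page source.
SIGNATURES = [
    ("apache",    "header:server",       r"\bapache\b"),
    ("iis",       "header:server",       r"microsoft-iis"),
    ("php",       "header:x-powered-by", r"\bphp\b"),
    ("php",       "header:set-cookie",   r"\bPHPSESSID="),
    ("asp.net",   "header:x-powered-by", r"asp\.net"),
    ("wordpress", "body",                r"/wp-(content|includes)/"),
    ("joomla",    "body",                r'name="generator" content="Joomla'),
    ("drupal",    "body",                r"\bdrupalSettings\b|\bDrupal\.settings\b"),
]
# A detected CMS also tells us the language and that an SQL database is behind it.
IMPLIES = {cms: {"php", "sql"} for cms in ("wordpress", "joomla", "drupal")}
# Hypothetical WAF rule-group names, keyed by detected technology.
RULE_GROUPS = {
    "apache": {"apache-hardening"}, "iis": {"iis-hardening"},
    "php": {"php-injection"}, "asp.net": {"aspnet-rules"},
    "sql": {"sql-injection"}, "wordpress": {"wordpress-rules"},
    "joomla": {"joomla-rules"}, "drupal": {"drupal-rules"},
}
BASELINE = {"protocol-enforcement"}  # always on, whatever the stack is

def detect(headers, body):
    """Return the set of technologies whose signatures match the response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    found = set()
    for tech, where, pattern in SIGNATURES:
        text = body if where == "body" else lowered.get(where.split(":", 1)[1], "")
        if re.search(pattern, text, re.IGNORECASE):
            found.add(tech)
    for tech in list(found):
        found |= IMPLIES.get(tech, set())
    return found

def select_rule_groups(techs):
    """Activate the baseline plus only the groups relevant to the detected stack."""
    groups = set(BASELINE)
    for tech in techs:
        groups |= RULE_GROUPS.get(tech, set())
    return groups

# Constructed sample responses: a WordPress site that hides X-Powered-By,
# and a static site with no database behind it.
WP_HEADERS = {"Server": "Apache"}
WP_BODY = '<link rel="stylesheet" href="/wp-content/themes/x/style.css">'
STATIC_HEADERS = {"Server": "nginx"}
STATIC_BODY = "<html><body><h1>Hello</h1></body></html>"
```

The static site ends up with the baseline only, so no SQL rules add latency or false positives to it, while the WordPress site gets PHP and SQL rules even though its headers never mention PHP.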