Due to the nature of our product some countries may not be elidgable for our services at we some products will ge bovened by regulation (eu) 2019/496 of the european parliament and of the council of 25 March 2019 restricting the distribution of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS).
The FireWall Solution
Web Application Firewall for .Net
Why use a ASP-WAF firewall
ASP-WAF firewalls is a Intrusion Detection Systems (IDS) as well as an Intrusion Prevention Systems (IPS) and has
the best value propositions amongst any of the solutions on the market. The problem with all other firewall solutions
is that they open port 80 or 443 and allows all traffic on the network to your application. The ASP-WAF firewall solution
goes further than that, we look at the connections to your web application and deal with malicious or unwanted activity
at an application level.
287 days before a breach is detected
According to IBM, it takes companies 287 days to detect that they have been hacked and that the the average cost of a ransome breach was $4.2m, our IDS/IPS framework will help you do better at a fraction of the cost.
You are able to use the firewall in rapport only mode for free, for as long as you like. This allows you to get to know our product
and get a feel for the exposure your domain is having as well as what types of exploits are being tried,
register and get started today.
Most users are amazed as to the percentage of visits are actually by bot's and hackers and not the targeted
audiences and find-out that they have to dramatically have to adjust their marketing effectiveness metrics.
Paid licensing options
We offer 5 licensing subscription levels, below you will find a list of functionalities in each of the versions.
Please note that all paid versions come with a 30 day trial period, after the trial payment will be accepted by purchase order & Invoice.
We do not offer credit card payments at this time.
You can download and get started right now using the NuGet package Walter.Web.Firewall there are 2 options,
you use a community edition using a community license or a payed version.
We have some getting started samples on GitHub as well as download the documentation here We encourage registration of community editions however we do not require it.
You can register any version and pay per bank transfer within 60 days. If you change your mind and do not wish to continue with our product
simply not pay the invoice and after 60 days we reserve the right to downgrade the license to a registered community edition (free) and cancel the invoice.
Registering also has the benefit of generating the code for you to enable the firewall in your project
The firewalls by themselves already quite powerful, however, the functionality of the of the firewalls and the ways you can integrate them into your project makes them truly valuable assets as you can control the level, as well as the way you wish to protect yourself.
Included below a few of the major use cases that the firewall enables you to implement
Fine tuned request blocking
Being able to control what features are available based on the geographical location
or of the requests origin allows you to block site access, pages access or regions in pages.
But that's not all, you can also block ISP's search engines.
this enables you to:
Implement GEO Blocking
Allows for blacklisting and white listing of geographical regions.
Implement ISP/Data center Blocking
Hide content depending on the provider (as bots live in the cloud users do not).
Automated IP Blocking
When requests are identified by the rule engine as Suspicious or Malicious then the firewall will act accordingly. You can manually override such flags as Safe for a duration, or for ever.
When an IP is used by several users and when requests of a specific device are identified by the rule engine as Suspicious or Malicious then the firewall will act accordingly and block a device from a given IP. You can manually override such flags as Safe for a duration, or for ever.
Use our tag-level blocking
Content clocking can be implemented on almost all HTML tags, the major ones
like <script>, <css> , <div>, <a> are all included.
Blocking is possible on region as well as user type (Search engine, Bot, Human,...)
We can detect penetration attacks at a very early stage as we do not only monitor requests but we also employ honey pot strategies.
You can further defend your system by not using default routs making it easy for us to spot the villain.
this enables you to:
Actively identify and block those that are probing the systems for weaknesses
Patch known security holes with our free rule engine subscription
Cross site scripting
Stops all known vulnerabilities know as CORS exploits
Plugs holes known SSL attacks to-date
Man-in-the-middle & Sniffing
Even in a TLS environment like VPN and SSL tunnels there are quite a few bad actors out there and the Internet is not getting friendlier.
In our solution we use a "per request" public private key pair to communicate between server and client to protect data and detect tampering & spoofing.
We will send rule engine updates to your firewall whenever your firewall starts as well as at regular intervals thereafter.
This way you are always patched and you do not have to update and re-deploy the firewall to get up-to-date security.
this enables you to:
Good coverage of possible exploits
We use machine learning to understand good and bad traffic and are able to detection:
HMAC password reset link
Over-under filling for data
and so much more
Detect real and fake search engines and allow or disallow access to:
Elements on a page by not rendering tags like hyper-links
Control access to sitemap.xml and robots.txt to only preferred search engines
We can identify them and block them or feed them false information at the page, or HTML tag level.
Define when and how often you would like to receive an malicious activity report via email
Automated reporting to ISP of abusing IP
Contacting the owner of a given IP address and file a abuse report along with the detailed malicious activity report for a given IP address.
Depending on the license level you are able to follow up with on the reported ticked with a incident ticket
When alteration of content is discovered the site can:
Receive a notification of what was altered and by whom.
Shut-Down and notify you so you can republish the site.
Roll-back the changes to the state in memory, and notify you.
Protect sensitive data on the server by encrypting and decrypting:
Cipher data based on Public & private key-rings
Cypher data using row level encryption
Cipher using several algorithms
Cipher cookie and header values
Fake technology stack
Hide the version of IIS Server and framework that you are using by masking a another server or technology stack.
Cookie & Header names
Make life miserable for those that like to penetrate your site by change your cookie
and website header names for the whole site, a single IP, or a single User. This makes scripting attacks
that much harder and use our helpers to transform the users to the new names never loosing your sites functionality.
Block sensitive data
Deny access to data based on rules like storage, location, storage method, user type and geographical location
Why adapt your application to the firewall when you can adapt the firewall to your requirements.
You have access to the interfaces and classes and you can create your own extensions.
You can access the documentation online or download the compiled help file (.chm) from here for of-line viewing.
On support.asp-waf.com you will also find getting started information in the form of sample projects and code snippets
Look who's Talking
Depending on your license look and see who is talking with your server as well as with whom is your server talking.
Depending on the license and configuration you are able to use firewall the integration modules to block suspicious incomings and outgoing communications.
The firewall can be used to "white-list" incoming and outgoing communications and you will be able to be able to early
detect penetrations to the physical server and document the communications as well as prevent damage before it is too late.
Look who's talking is available as an integrated service in the firewall as well as a standalone micro server that you can use on your server'