FORTIWEB WEB APPLICATION FIREWALL

The FortiWeb family of Web application and XML firewalls protect, balance, and accelerate Web applications, databases, and the information exchanged between them. Fortinet designed the FortiWeb family is for medium and large enterprises, application service and Cloud-based Service Providers; and it can drastically reduce the deployment time and complexities of introducing and protecting your web-based applications. FortiWeb incorporates Fortinet's industry leading threat research to protect web-based applications, improving the security of confidential information and aiding in legislative and PCI compliance. FortiWeb goes beyond traditional web application firewalls to provide XML security enforcement, application acceleration, and server load balancing.

Fortinet's FortiWeb™ recently passed ICSA Web Application Firewall Certification. The specific model being tested is FortiWeb 1000B. ICSA Labs certifications are evidence of FortiWeb's commitment to uphold the industry's highest security standards. Achieving this certification ensures that FortiWeb™ customers benefit from best practices in the security industry for all their Web application needs.

• FortiWeb is the only product that provides a Vulnerability Scanner module within the web application firewall that completes a comprehensive solution for PCI DSS requirement 6.6.
• Web application firewall protection leverages signature and pattern matching, parameter validation, threshold based limits, session management, flow enforcement and other technologies to prevent attacks against vulnerable web applications.
• XML firewall enforces properly formed and coded pages through XML IPS, schema validation, WSDL verification, XML expression limiting and other Fortinet-developed security technologies.
• Guarantees security of web applications and secures sensitive database content by blocking threats such as cross-site scripting, SQL injection, buffer overflows, file inclusion, denial of service, cookie poisoning, schema poisoning, and countless other attacks.
• Aides in PCI DSS 6.5 and 6.6 compliance by protecting against OWASP top 10 web application vulnerabilities and using web application firewall technology to block web-based attacks.
• Web application firewall provides multiple protection layers to prevent attacks against vulnerable web applications: Application signatures, HTTP RFC compliance, auto-learn based violations, data leak prevention, and authentication capabilities.
• Web defacement protection monitors protected applications for any defacement and can automatically revert to stored version. Reduces deployment and management complexities by ensuring protection of all web applications regardless of code changes or additions.
• SSL and XML encryption co-processing accelerates transaction times, offloads encryption functions, reduces web server processing requirements.
• Server load balancing and content-based routing increases application speeds, improves server resource utilization and stabilizes applications.
• Active/passive high availability support implements full configuration synchronization to ensure availability of applications.