Protect web infrastructure against DDoS, SQL injection, XSS, and SSL attacks

DDoS attacks work by using multiple origin points to saturate network applications with network traffic. Doing this makes it difficult to identify a single attacker, and applications crash and become unable to serve legitimate users. For a business, this translates to measurable lost revenue while critical applications are down.

Citrix ADC and Citrix Web App Firewall prevent a variety of DDoS and DoS attacks, providing protection against tactics such as:

• External entity references
• Recursive expansion
  
• Excessive nesting
  
• Malicious messages

SQL injection is commonly used to steal identity data and other sensitive information. By inserting unauthorized database commands into a vulnerable website, an attacker may gain unrestricted access to the entire contents of a backend database.

Citrix Web App Firewall identifies and mitigates against a variety of SQL injection attacks. It also prevents XML and JSON attacks through payload inspection, via a rich set of specific protections.

SSL-based attacks, in the absence of dedicated hardware for SSL termination and inspection, carry a heavy processing penalty. Working with Citrix Web App Firewall, Citrix ADC protects against compute-intensive SSL-based DoS attacks, providing broad coverage without the need to implement another set of dedicated devices.

XSS attacks are commonly used to steal user identities, hijack user sessions, poison cookies, redirect users to malicious websites, access restricted sites, and even launch false advertisements.

Citrix Web App Firewall has dynamic, context-sensitive capabilities to prevent XSS attacks. The platform searches anything that looks like an HTML tag and checks against allowed HTML attributes and tags to detect attacks. Custom XSS patterns can be stored to modify this default list of tags and attributes. HTML, XML, and JSON payloads are inspected and field format protection and form field consistency are included.