A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

DenyAll Web Application Firewall

DenyAll Web Application Firewall is the foundation for our next generation application security products. It combines ease of configuration – with its workflow engine and management APIs – with a proven ability to secure web applications. It embeds negative and positive security, in-context, user behavior analysis, and soon-to-be added rWeb advanced security engines, to efficiently protect your web applications while minimizing false positives.


Main benefits of using DenyAll Web Application Security

Advanced Security

Beyond the basic capabilities of traditional negative and positive security models, DenyAll’s scoring mechanism, user behavior tracking and advanced detection engines deliver best-of-breed security that won’t let you down. None of our customers have made the headlines with security breaches.

Confidence in your Web Services

Web Services and automated machine-to-machine communications support business processes, internal and with ecosystem partners that are often critical. DenyAll makes it easy to optimize and secure these XML-based data flows, with capabilities found in no other WAF or SOA Gateway

Streamlined policy management

Modern application logic tends to be complex, making WAF administration challenging. DenyAll’s innovative approach, based on a workflow engine, provides a visual representation of data streams and policy that is both powerful and ergonomic, saving administrators a tone of time.

Deploy anywhere, even in the Cloud

Application security needs to follow wherever your applications go. Whether you use the cloud only to test the scalability of your applications, or actually use them in the cloud, you need a WAF to protect those data streams. DenyAll WAFs can run anywhere, including on AWS and Azure.

Virtually patch vulnerabilities

Provisioning ad hoc security policies for yet unprotected applications, or adjusting the settings of your WAF based on the input of a vulnerability scan greatly improves security. You are saving time, limiting your attack surface while your team takes action to remove the vulnerabilities.

Advantages & Benefits


  1. Time-tested security, effective against known and unknown attacks
  2. The ability to combine negative & positive security with user context (time, location, device, etc)
  3. A productive environment which lets administrators manage policy and optimize data flowsvisually using a proven workflow approach
  4. The ability to profile web applications and learn how they work
  5. The option to replay logged traffic to tune policy, perform forensics analysis
  6. Virtual patching with DenyAll Vulnerability Manager and 3rd party vendors
  7. APIs to industrialize deployments
  8. The flexibility of managing both virtual and hardware appliances
  9. Support for key authentication methods
  10. The ability to add features with DenyAll Web Services Firewall (secure XML/JSON traffic) andDenyAll Web Access Manager (simplify user access/control)