Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure operations of web businesses.
AI+ Web Application Firewall
Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc).
Virtual Patches for Zero-day Vulnerabilities
The 24/7 monitoring service from Tencent security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, cutting vulnerability response time dramatically.
Webpage Tampering Prevention
Users can cache core web contents to the cloud and publish cached web pages. It acts like a substitute and can prevent negative consequences of web page tampering.
Data Leakage Prevention
Backend data is well protected by pre-event server and application concealing, mid-event attck prevention and post-event sensitive data replacement and concealing.
CC Attack Prevention
WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.
Crawler and Bot Behavior Management
The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.
DNS Hijacking Detection
WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by hijacking of website users.
- Industry-leading AI+ Rules and Dual Engine
- Integration with Tencent's Big Data-based Threat Intelligence
- Virtual Patches for Vulnerabilities
- Proprietary AI-based Crawler and Bot Behavior Management Module
- Proprietary DNS Hijacking Detection Module
- Data Leakage Prevention
- CC Attack Prevention
- Webpage Tampering Prevention
- Custom Protection Strategies
- One-click Integration with High Defense Capabilities
- Fast and Reliable Protection Experience