Tencent Cloud
Web Application Firewall

Web Application Firewall

An AI-based one-stop web business protection solution

Contact Sales

Overview

Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering, backdoors, crawlers and domain name hijacking. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure operations of web businesses.

Benefits

AI+ Web Application Firewall

AI+ Web Application Firewall

Web attack recognition is based on AI+ rules. It is anti-bypass and low in both false negative and false positive rates. Web attack recognition defends effectively against common web attacks including the OWASP top 10 web security threats (SQL injection, unauthorized access, cross-site scripting, cross-site request forgery, web shell trojan upload, etc).

Virtual Patches for Zero-day Vulnerabilities

Virtual Patches for Zero-day Vulnerabilities

The 24/7 monitoring service from Tencent security team identifies and responds to vulnerabilities proactively. Within 24 hours, it issues virtual patches to zero-day and high-risk web vulnerabilities. Protected users can get zero-day and emergency vulnerability protection instantly and automatically, cutting vulnerability response time dramatically.

Webpage Tampering Prevention

Webpage Tampering Prevention

Users can cache core web contents to the cloud and publish cached web pages. It acts like a substitute and can prevent negative consequences of web page tampering.

Data Leakage Prevention

Data Leakage Prevention

Backend data is well protected by pre-event server and application concealing, mid-event attck prevention and post-event sensitive data replacement and concealing.

CC Attack Prevention

CC Attack Prevention

WAF’s customized access control, human-machine identification and frequency limitation can effectively filter spam access and reduce CC attacks.

Crawler and Bot Behavior Management

Crawler and Bot Behavior Management

The AI+ rules-based webpage crawler and bot management feature of WAF helps enterprises avoid business risks caused by malicious bot behaviors, including website user data leakage, content infringement, competing price comparison, inventory search, malicious SEO and business strategy leakage.

DNS Hijacking Detection

DNS Hijacking Detection

WAF performs nationwide DNS verification of the domain names submitted by the customer to detect and display the hijacking conditions of the protected domain names in various regions, helping avoid data theft and financial losses caused by hijacking of website users.

Features

Traditional WAF core engines generally use a collection of regular expressions, which are prone to false negatives bypass and false positives and can result in operation problems. In contrast, Tencent Cloud WAF takes the lead to adopt AI+ rules-based dual engine detection technology to maximize detection and capture of known and unknown threats. It minimizes false positives and adapts to changing web applications.
With AI for threat prevention, rule-based dual engine, cross-validation and continuous learning, WAF can accurately and effectively identify and block various conventional, zero-day and new types of attacks.
There are chances that common semantic learning-based AI technologies for threat prevention may be bypassed by experienced hackers. However, the AI system of WAF is based on Tencent's proprietary probability map technology and trained with massive amounts of data of attacks and normal access requests to Tencent's business platforms, which is proven to significantly increase the ability to identify threats and adaptively protect constantly changing web applications.
By continuously learning the characteristics of high volumes of business data, WAF can automatically generate business-based personalized protection strategies to prevent false positives of special business access requests.