Embedded WAF is a software solution developed to make 0-day and 1-day vulnerabilities in web technologies harder to exploit.
Nowadays, most devices have a web interface for monitoring, managing, and configuring them conveniently. As with websites, this part of the firmware has vulnerabilities that attackers can use. Our security system was specially created and configured for endpoint devices.
Due to automatic preprocessing stage the study of the internal structure of the application and data learning algorithms. Our logic-based algorithms allow our products to capture a wider range of web attacks and possibilities, which helps us to detect even unknown or modified web attacks.
The security system includes only the minimal necessary logic for protection against web attacks. It was designed with care for processor performance and energy saving.
In addition, our solution complicates exploitation of vulnerabilities that were overlooked by a developer, and allows boosting security mechanisms that were not implemented or enabled.
It will be either extremely difficult or even impossible for an attacker to conduct a successful attack on a device. Forced channel protection is also possible.
There have always been a lot of vulnerabilities, and no doubt there always will be. Exploitation of even one small vulnerability may lead to a system infection. Unfortunately, it is impossible to get rid of vulnerabilities completely. However, there is a way to deter the threat of successful exploitation.
We turn any attack into a failure.
- a device does not become part of a botnet
- a device becomes more credible to users (they entrust their own data to a device)
- a device is no longer a tempting target for an attacker
Advantages for developers:
- reduced costs of building and supporting their security teams
- extra time to make security fixes
- opportunity to concentrate fully on product development
- simple and elegant solution that has a negligible impact on a device output
- No source code modifications
- Password Policy Enforcement
- Default password check
- Protection against use of easy passwords
- Static and Load-time web-instrumentation
- Minimal CPU overhead
- Flexible configuration
- Low cost enforcement protection
- Defense from:
- CSRF and One-Click Attack
- Path Traversal
- SQL injection
- Brute force attack
- Code Injection
- Command Injection
- Cross Frame Scripting
- Function Injection
- HTTP Response Splitting
- Forced Content Security Policy
- Session fixation
- Session hijacking
- Unicode Encoding
Vulnerable web interface of the admin panel: XSS, CSRF, directory traversal, LFI/RFI, etc. As a result, an attacker gets unauthorized access to a consumer's device.
Unsuccessful attempt to exploit the vulnerability.