SecureSite (Web Application Firewall)!
Hellfire's enterprise-grade Web Application Firewall (WAF) ensures that your website or application is always secure and available. Based on Open-Source technology and experience and using a "Security as a Service" approach, Hellfire's security experts manage and update the WAF 24x7 to ensure that you are always protected against new and emerging threats.
Protection against OWASP Vulnerabilities
Hellfire's Enterprise-level WAF protects against the Open Web Application Security Project (OWASP) most critical Web Application Security risks, as:
SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application.
Illegal Resource Access
Illegal resource access is a web application attack used to access restricted resources and sensitive pages on your web server.
Cross-Site Scripting (XSS)
Cross-site scripting is a web application attack that exploits vulnerabilities on a visitor's browser, often leading to data theft and potential installation of malicious software on visitors computers.
Remote File Inclusion
Remote file inclusion allows an attacker to include a remote file usually through a script on the web server. Attackers use this type of attacks to steal information and even crash your web site.
Detecting bots, crawlers, scanners and other surface malicious activity.
Detecting access to Trojans horses and other types of backdoors.
Identification of Application Defects
Alerts on application misconfigurations.
Error Detection and Hiding
Disguising error messages sent by the server.
You start with our built-dashboard but you are free to create as many different dashboards as you want to provide the outlook you need.
Detailed Threat Information
Hellfire provides customers with a detailed analysis of every threat that was posed to your website including: IP address, user agent, location, and other pertinent session information.
Weekly Reports keep you aware of what's going on with your site, and provide at a glance a concise set of metrics outlining your current posture. If something catches your eye, you can always login to the portal to get more detailed information.
Customer-Specific Threat Policy Management
Each security rule can be configured specifically according to the customer's blocking policy (block request, block IP, block session or block log only).
Exception Handling and False Positive Tuning
The security policy can be fine-tuned to address specific URLs, fields, IP addresses and countries. Powerful access control capabilities enable you to define exceptions and minimize false-positive.
Hellfire-Custom Security Rules
Hellfire's custom security rules allow you to apply your organization's security policy within Hellfire's Web Application Firewall, by configuring a variety of rule triggers and adding different rule actions.
Hellfire uses crowdsourcing techniques to improve the security of the entire network of websites on the service. Any attack against a website protected by Hellfire is recorded and published throughout the network. All other websites are immediately protected from the malicious source and the attack technique.
Hellfire's unmatched network, system, and application assessment services are used by the world's most security-conscious businesses, insurance companies and financial institutions.
Security as a service
Hellfire assesses risk for all types of networks, is subjected to new challenges every day, and constantly updates our capability with the latest skills, techniques, and tools.
Decades of experience
Hellfire's assessment leads are required to hold the SANS GIAC Certified Penetration Tester (GPEN) certification and bring many years of security experience to help our customers address their complex issues.
Activated by simple DNS change
No hardware or software installation, integration or changes to the website.
Dedicated Security Research Team
Continuous improvement in both our understanding of and our capability to attack networks, systems, and applications.
Finding vulnerabilities now and addressing them before attackers do means you can avoid the risks that threaten your business.