Website Security - DigiCert Cloud WAF

DigiCert Cloud WAF is a cloud-based service that protects against attacks targeting websites or web applications running on them. It can prevent information leakage and virus dissemination due to external attacks.
The rapid response of all systems to the security emergency patches required to keep websites secure puts a pressure on internal resources and costs. By installing a WAF (Web Application Firewall), attacks targeting vulnerabilities can be prevented and appropriate patch can be applied well in advance. In addition, vulnerabilities can be addressed without modifying websites, which leads to enhanced website security and the budget equalization.
DigiCert Cloud WAF provides WAF functions via the "WAF Center".
The WAF Center has a system in place for operation and maintenance such as adding or maintaining signatures for new attack methods, which makes it possible to install the system even without security knowledge or operational experience.


WAF can be installed without modifying existing system
The only work to be done on the customer side is to change the DNS and upload the SSL certificate.
Can be installed in a short period of time
The WAF can be started in a short period of time because there is no need to install hardware or software.
All operations and signature updates are handled on the cloud side
WAF can be installed even if the customer does not have a security engineer. The WAF Center collects the latest information everyday and responds quickly to new vulnerabilities.

Comparison between Traditional WAF and Cloud WAF

Major Defensible Attacks

It covers many of the major attacks against web application vulnerabilities. We also update our signatures as needed to address new vulnerabilities, so the customer can maintain the latest security measures without having to be particularly aware of them.

Attack Category Attack Name
Authentication Round-robin
Password list attack
Client-side attack Cross-site scripting
Cross-site request forgery (requires adjustment at the time of installation. There might be a separate charge for this service depending on the adjustment.)
Execution by command Buffer overflow
OS command injection
SQL injection
Xpath injection
Format string attack
LDAP injection
SSI injection
Information disclosure Directory indexing
Information leakage
Past traversal
Locating resources
Attack targeting specific middle-ware/framework Attack using vulnerabilities in Apache Struts 1&2
Attack using vulnerabilities in GNU bash (CVE-2014-6271)
Attack using SSL 3.0 vulnerability (CVE-2014-3566)
REST API Vulnerability in WordPress 4.7.1
Anti-malware Drive-by download (email spread by gamblers) attack
Attack on the platform DoS attacks exploiting platform vulnerabilities (such as ApacheKiller, hashDoS)
DoS attack from a small number of IP addresses (such as mass normal communication, Slowloris, SYN flood attack)

List of Key Functions

Defense function Blocks the communication if a pre-registered unauthorized communication pattern is detected
Monitoring function Records the communication when a pre-registered illegal communication pattern is detected (does not block the communication itself)
Log function Records the communication that appears to be fraudulent and makes the log accessible
Software update function Updates software to improve defense function
Signature update function Updates unauthorized communication patterns from time to time to improve effectiveness of protection
Specific URL exclusion function Excludes web pages that do not require defense function from protection
Report function Reports the following information on the management screen (using a Web browser)
• Statistical functions (attack source, attack type, action)
• Top tally of attack sources, types of attack
IP address rejection/authorization function Rejects communication from a specific IP address or allows communication only from a specific IP address
SSL communication function Decrypts and protects encrypted communication

Flow from Installation to Operation

The only work to be performed on the customer side is the part in red below.

Advance preparation Start service Monitoring period Start service Start service
• Fill out the hearing sheet and place order
• Acquisition/configuration of certificates for WAF
• Change DNS settings
• Launch service in the form of monitoring attacks without defending against them
• Monitor WAF settings for about one month and confirm that normal communication does not stop • Start defense • Troubleshooting:
24 hours a day and 365 days a year
• Product support: Weekdays 9:30-17:30

Related Information

* These products or services are only available in Japan.

Website Security - DigiCert Cloud WAF