Protecting web applications
Web application firewall (WAF) features are included in NEVIS to protect your site against common web application attacks. There are three different starting points to configure WAF features:
- Reduce the risk by preventing the most "popular" security flaws. We recommend consulting the nevisProxy reference guide, chapter "Countering the OWASP Top 10 Attacks" to get a list about the most critical risks facing web applications.
- Find out the weaknesses of your applications. Results of a penetration test may show you some security issues and you should activate dedicated filters to protect your application against the exploitation of known vulnerabilities.
- Enable the security features provided by nevisProxy wherever possible. The nevisProxy reference guide provides the "Security Feature Check List". Use this check list to verify that you have enabled as many security features as possible suitable to protect your application.