rWeb is a proven, advanced Web Application Firewall. It provides the most comprehensive set of web application security features, including black list, white list, scoring list, user behavior tracking, advanced detection engines and virtual patching in combination with Vulnerability Manager. rWeb is a fully-featured Web Application Firewall (WAF) that blocks cyber attacks targeting both web-applications and web-services while limiting false positives.

rWeb protects your websites and applications from defacement, denial of service, data leakage, identity theft and intrusion attempts:

  • Effectiveness: Combining basic filtering methods (negative and positive security), with user behavior analysis and more advanced techniques, as required, to actually block attacks while minimizing the risk of false positives.
  • Scoring mechanism: The technology, tested against real traffic data collected during two years from loyal customers, protects against both known attacks and zero day exploits. It requires no learning, no updates and generates few false positives.
  • Behavior analysis: User behavior tracking prevents the illegal abuse of user rights and attacks such as cookie theft, brute force authentication, password cracking, site downloading, application-layer denial of service attacks.
  • Advanced engines: Signatures can be bypassed. As app learning isn’t practical in agile environments, rWeb’s grammatical analysis and sandboxing techniques increase efficiency and block attacks without generating false positives.
  • XML Security: WSDL, XSD and DTD template validation, XML transformation, access control lists (by URL, function, source IP), signatures against xPath and XML injections, attachment virus scan via iCAP, protection of UDDI servers.
  • Virtual patching: Tight integration with Vulnerability Manager provides administrators with practical recommendations on how to improve the WAF’s efficiency, by activating additional security engines and creating specific rules.
  • High reliability: Deployed as a reverse proxy, in blocking mode, rWeb acts as the actual web server, terminating standard and SSL traffic. With its built-in active-active and active-passive clustering capabilities, it won’t fail you.
  • Quick & easy setup: A checkbox-based, layered administrator environment, combined with templates for typical applications, APIs, command-line interface and console help streamline and industrialize the deployment process.
  • Certified by ANSSI (CSPN): The French national agency for information security (ANSSI) has certified rWeb for its first level security certification.
  • Label France Cybersecurity: Rohde & Schwarz Cybersecurity was awarded by the French government with the France Cybersecurity Label proving the quality and performance of our Web Application Firewall rWeb.