Not the ordinary Web Application
and API Protection
Mithril is more than a Web Application Firewall (WAF). It’s a Web Application and API Protection (WAAP). In fact, WAAP services combine cloud-delivered as-a-service deployment of WAF, bot mitigation, DDoS protection, and API security. But Mithril goes further: it extends WAF functionalities with a lot of modules to better protect your web application or website, and increase performance. In particular, our WAF is based on OWASP Core Rule Set (CRS).
What’s the CRS?
It is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls.
What is its purpose?
The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP Code Injection
- Java Code Injection
- HTTPoxy
- Shellshock
- Unix/Windows Shell Injection
- Session Fixation
And what about Mithril’s team?
Our developer team constantly works to develop new rules to extend the OWASP Core Rule Set including specific ruleset for the most used CMS such as WordPress, Joomla, Drupal, Magento, Prestashop, and many others. When it comes to innovation, once is not enough. This is the reason why Mithril gets better and better.
Benefits:
Mithril helps you to secure and protect
your web application or website from:
OWASP TOP 10 attacks
This Web Application and API Protection detects and prevents a wide range of attacks, including the OWASP TOP 10 with a minimum of false positives. Read more about OWASP TOP 10 on OWASP website.
OWASP Automated Threats
All websites and web applications are subject to unwanted automated usage. Mithril protects your web assets from a huge variety of automated threats such as Credential and Token Cracking, Spamming, Fingerprint, Denial of Services and of Inventory, Content Scraping, and Unwanted Crawling. Read more about Automated Threats on OWASP website.
Bad Bot and Impersonators
Did you know there are four generations of Bad Bot?
– The first generation includes bots controlled by a simple script that doesn’t handle sessions and is very easy to intercept.
– The second generation includes scripts able to handle sessions and to impersonate real browsers or search engine crawlers (such as Googlebot).
– The third and fourth generations are real browsers sometimes controlled by “webdriver” that can handle sessions and can execute JavaScript.
With Mithril you can easily identify those Bad Bots generations and block them.
Password in data breach
Do you know if any of your website or web application user login with a breached password? Mithril can check the user’s password during the login by anonymously sending a partial MD5 hash of the user’s password to the Have I Been Pwned service. If a password is present in any of many public data breaches, Mithril can alert the website administrator or even prevent the user from login. Read more about Have I Been Pwned.
Brute-Force and web scan protection
Thanks to its Correlation Engine, Mithril can easily intercept web scan activities and block them for a configurable amount of time. With the Mithril JavaScript Challenge you don’t need a CAPTCHA to protect your login form. Read more about Mithril JavaScript Challenge.
Caching and Always Online
With Mithril you can cache static contents such as images, CSS styles, javascript, fonts, etc. to increase the response time of your website. You can even cache the whole website, and make it stay always online even if your website is unavailable or not reachable.
Features:
Let’s find out Mithril’s key features!
Web Console
an easy to use and useful web console from which you can see what’s up on your web applications or websites. You can inspect any single HTTP request and response and get statistics in real-time.
Managed setup and first configuration
you don’t need to worry about the first setup and configuration. Our Security Operation Center operators will set up and configure your websites as well as applications to have a clean and working setup without false positives and in blocking mode.
Custom Rules
you’ll be able to create new firewall rules to block or prevent blocking requests on your websites or web applications.
Activation with a DNS change
Mithril is a cloud service. Therefore, you don’t need to change anything on your website or web application to activate it. Moreover, you don’t need dedicated hardware or software agents. What does it need? Just a DNS change, and our support can help you during this easy process.
Free SSL Certificate
all Mithril customers gain a free SSL certificate generated on our Certificate Manager at which nobody can access, even Mithril staff and developers.
Support and SOC
an entire Security Operation Center for your websites and web applications. Mithril SOC will analyze blocks and alerts of your websites in order to investigate possible threats or to resolve false positives.