What is「Website Application Firewall(WAF)」?

WAF (Web Application Firewall) / Mainly protects web applications / Monitor and filter HTTP traffic from your website / Protect the website from malicious attacks, data exposure, and website security.

Advanced AI-WAF / $10000/Month
Apply Now

What is Website Application Firewall(WAF)|Yuan-Jhen

Risk of Website Operation Hackers discovers your website vulnerability in just a second.

Risk of Website Operation|Yuan-Jhen

Open source code is visible to everyone on the internet. Once the hackers catch the vulnerability, it will become a high-risk target. We often use open-source applications to build websites, these ready-made applications help IT staff to build a complete website quickly and save considerable cost of web and programming. For example, we often use CMS content management systems to set up corporate portals. (ex. Joomla!, Drupal ...)

Importance of Information Security|Yuan-Jhen

If the program is not prepared during the open-source application development, it is easy for hackers to find out security vulnerabilities. The plug-ins or themes are also dangerous, making the site more vulnerable to become high-risk targets. WAF can improve the security of the website and prevent the website from becoming a target of hackers.


Commonly used in blogging.


Commonly used in discussion forums.


Used in quick shopping carts building.

Importance Of
Network Security
Importance of Information Security Awareness

Programming Concepts for Security

Websites help companies and website operators to obtain information; programmers usually spend more time developing web functions and improving processes, but not information security. In fact, developers are lack of security programming concepts (for related information, please refer to OWASP Secure Coding Practices).

Importance of Information Security|Yuan-Jhen

Top 10 Common Attacks by OWASP

Injection Injection
When an attacker sends malicious data to a website, they can use web application vulnerabilities, such as SQL, NoSQL, OS, LDAP injection, etc., to execute commands or steal data without authorization.
Broken Authentication and Session Management|Yuan-Jhen
Broken Authentication and Session Management Broken Authentication and Session Management
Broken Authentication and Session Management|Yuan-Jhen
Incorrect authentication in the website application or the implementation of session-related functions allows hackers to steal passwords, keys, login credentials of others, and temporarily or permanently impersonate users’ identity.
Sensitive Data Exposure|Yuan-Jhen
Sensitive Data Exposure Sensitive Data Exposure
Sensitive Data Exposure|Yuan-Jhen
A lot of website applications and APIs do not protect sensitive data appropriately, such as related industries (finance, medical care, and personal property protection). Hackers can easily hack into unencrypted databases to steal or tamper with sensitive data and conduct credit card fraud, identity theft, or other illegal purposes.
Broken Access Control|Yuan-Jhen
Broken Access Control Broken Access Control
Broken Access Control|Yuan-Jhen
Website operators often do not set strict access restrictions on input validation. Attackers can use access control vulnerabilities to view unauthorized functions or data, such as logging in to other users' accounts, viewing sensitive files, modifying user data, changing login permissions, and more.
Security Misconfiguration|Yuan-Jhen
Security Misconfiguration Security Misconfiguration
Security Misconfiguration|Yuan-Jhen
Incorrect security settings are common website security issues!
Security misconfiguration might lead to security vulnerabilities. The operating system and applications should be configured for security, and be regularly updated and upgraded to prevent attackers.
Cross Site Scripting ( XSS )|Yuan-Jhen
Cross Site Scripting ( XSS ) Cross-Site Scripting(XSS)
Cross Site Scripting ( XSS )|Yuan-Jhen
Lack of appropriate verification of websites, and allowing incredibility information will allow hackers to tamper with the site. They can hijack the user session or redirect to other malicious websites.

Comprehensive Protection by AI-WAF

Defense Against Evolving Dangers

Filter all malicious visits and requests through AI-WAF.To strengthen the security of all applications and systems on the website.
Advanced Persistent Threat (APT)

  • Stop Hackers

    AI-WAF detects and blocks web application attacks.

  • Prevent the leakage of private information

    Using the machine logic algorithm to detect and identify accurately, protect the confidential information.

  • Prevent Unauthorized Login

    Be able to detect and block brute force attacks.

  • Protect Webpages from Tampering

    Protect the webpage and database from tampering to ensure the correctness of the webpage content.

Comprehensive Protection by AI-WAF|Yuan-Jhen
AI-WAF Solution|Yuan-Jhen

AI-WAF Solution

Technical consultants for information security are at your service to assist you in solving the security
maintenance issues on your website,ensuring information security protection from malicious threats.
Price Please contact sales personnel. 02-4499-343
Fill out the forms now.

Features of Comprehensive Protection

  • Strong Defense Range|Yuan-Jhen
    Strong Defense Range

    A customizable comprehensive defense mechanism, with 26 types of protection rules to protect against various threats and prevent hackers from taking advantage.

  • AI-WAF Unparalleled Accuracy|Yuan-Jhen
    Unparalleled Accuracy

    Using the next-generation web detection method in the machine learning area to obtain higher detection rates and lower false alarm rates.

  • AI-WAF Quick Deployment and Easy to Use|Yuan-Jhen
    Quick Deployment and Easy to Use

    It has a simple and secure GUI management console. Setting up WAF is easy.

  • AI-WAF Automatic Update and Upgrade Protection|Yuan-Jhen
    Automatic Update and Upgrade Protection

    It regularly updates software and system protection rules, and updates the database with reference to the OWASP TOP 10 specification, which can stay alert to protect the website security at any time!

  • AI-WAF Compliance with PCI standards|Yuan-Jhen
    Compliance with PCI standards

    It complies with credit card security standards and complies with PCI-DSS 3.2 data security standards, which can avoid payment of non-compliant fines.

Market Share of WAF Application Firewall in Asia-Pacific Region

AI-WAF is a product using Penta Security Systems(WAPPLES). The brand is headquartered in South Korea and leads the service of security system protection measures. The application firewall products of the brand(WAPPLES)have been recognized by the Asia-Pacific market, it’s growing and expanding and hold a place in the Asian market.

Asia Pacific Web Application Firewall Vendors Market Share 2012

Market Share of WAF Application Firewall in Asia-Pacific Region|Yuan-Jhen

Data Source: Frost Industry Quotient (IQ):Asia Pacific Web Application Firewall Vendors 2013 from FROST&SULLIVAN Report

Asia Pacific Web Application Firewall Vendors Market Share 2012

Market Share of WAF Application Firewall in Asia-Pacific Region|Yuan-Jhen

Data Source: Developing a Resilient Web Defensereport 2016 from FROST&SULLIVAN Report

Information Security.

Yuan-Jhen is dedicated to promoting information security and develops the semi-dedicated & WordPress optimized hosting with Application Firewall 2.0 UI.

The WAFs from other providers can only be turned on or off. Once the WAF rules affect the regular website operation, they need to be closed. However, WAF needs customization. Therefore, customers buying WAFs from other manufacturers will not turn on WAF. That is to say, they are lack of inflexibility.

A whitelist can be set up with Yuan-Jhen application firewall 2.0 interface so that security and convenience can both work!

Adopting OWASP Core Rule Set(CRS)

OWASP (Open Web Application Security Project) is a non-profit organization. Its main goal is to discuss the standards, tools, and technical documents that help to solve web application security problems, and is committed to assist governments or businesses in understanding and improving application security.

The OWASP Top 10 (OWASP Top Ten Web Application Security Risks) is a standard awareness document followed by all enterprises and organizational units. Yuan-Jhen uses OWASP CRS to effectively defend against the latest attack methods!

Adopting OWASP Core Rule Set(CRS)|Yuan-Jhen

One-click to activate and one-click to rule out misjudgment.

It's as simple as that. The website security settings can be completed in two steps, and start to eliminate 80 to 90% of external threats!
One-click to activate and one-click to rule out misjudgment|Yuan-Jhen

Products to Work Together

Vulnerability Scanner|Yuan-Jhen

Vulnerability Scanner

To test the web pages for vulnerability risks and reduce the possibility of data leakage.

Extra Layer of Free Protection|Yuan-Jhen

Extra Layer of Free Protection

Malware Scan function is a built-in feature for all hosting from Yuan-Jhen.

Service of Website Malware Scanner|Yuan-Jhen

Service of Website Malware Scanner

Proactively detect and remove malware.

Risk of Website Operation|Yuan-Jhen

Yuan-Jhen’s Premium Semi-dedicated Hosting

Monitor the hosting all day long. Immediately report if any attacks and import them to the cleaning center.