Threats - WAF limitations

One of the biggest trends in securing the web against skimming is to use a web application firewall (WAF).

What is WAF?

Web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious

How WAF can let you down?

WAF is an OSI layer 7 defense mechanism against attacks known as application-layer attacks, and it protects services that user-facing web applications use to present data. WAF is not protecting browser-level user interface itself. If a web application and its user experience is a house, then WAF protects walls, not the furniture or electronics inside.

Drive-by skimming

Steals data of hundreds of websites in one hit


WAF does not protect against skimming performed by a sideloaded JavaScript code.

Third-arty JavaScript code

Attackers load skimming code on target web pages using legitimate scripts and tools

Multi-stage attacks

Skimming code uses anti-forensics or loads only on target web pages

Supply chain attacks

It's often a lot easier to add skimming code to a third-party JavaScript code because it's not part of internal security oversight. Additionally, attacking third-party tools allows hackers to penetrate almost all the customers of the target third-party. This type of attack is commonly called "drive-by skimming."

Feroot platform helps overcome limitations of WAF

Instantly stop all unauthorized JavaScript code in real-time

PageGuard deploys browser-level access control technology, ACT, to control access of third-party JavaScript code to sensitive data.

ACT stops malicious code and prevents them from stealing your users' credit card information, login credential and other valuable data.

Start free protection today

Your real-time cyber defense platform for web apps and website to help you stay safe

It only takes few seconds