Realization of the virtual patching functionality in Nemesida WAF allows to block vulnerabilities exploitation attempts, which are content in web applications without changing their source code. It means that you do not need wait for official patch from the vendors.
Virtual patching Nemesida WAF protects web sites from current unpatched vulnerabilities (including zero-day vulnerabilities), blocking their exploitation attempts, without breaking web application work. Using virtual patching rules allows to vendors to concentrate on improving vulnerabilities without urgent changing source code. Virtual patching allows to block “on the fly” all exploitation of unknown vulnerabilities attempts, to make special control the attack zone.
Two sources of virtual patches generation are used in Nemesida WAF: automatically by the Nemesida AI module and manually by creating signatures rules. Virtual patching is included in Nemesida WAF¶.