Gasha WAF
Gasha WAF provides enterprise-grade protection for web applications against SQL injection, XSS, CSRF, and other OWASP Top 10 threats. Deploy in front of any web service for instant protection.
Overview
Gasha WAF is an AI-powered Web Application and API Protection (WAAP) platform developed by INSA to safeguard Ethiopia's digital assets. It stands as an invisible shield between users and web applications, inspecting every incoming request in real-time, distinguishing between normal and malicious traffic, and blocking threats before they reach protected assets. Powered by dual detection engines, Gasha WAF combines signature-based detection for known attack patterns with AI-driven behavior analysis to detect advanced threats. The combination of these two technologies provides a comprehensive defense against modern threats like API abuse, credential stuffing, zero-day exploits, and application-layer DDoS attacks. Without a dedicated Web Application Firewall, your organization remains exposed. Attackers continuously scan for vulnerable websites, unprotected APIs, and misconfigured web servers. A single successful breach can lead to data theft, ransomware, and other cybercrimes.
Why It Matters
Over 70% of all cyberattacks target web applications. Traditional firewalls and IPS/IDS cannot protect against modern threats like API abuse, credential stuffing, zero-day exploits, and application-layer DDoS attacks. Without a dedicated Web Application Firewall, your organization remains exposed. Attackers continuously scan for vulnerable websites, unprotected APIs, and misconfigured web servers. A single successful breach can lead to data theft, ransomware, service disruption, regulatory fines, and reputational damage. Gasha WAF closes this gap by providing a dedicated security layer specifically designed for web applications and APIs — blocking attacks that other security tools miss.
How Gasha WAF Works
Step 1 — User Sends Request: A user sends a request to your website. The request travels across the Internet and reaches Gasha WAF — deployed directly in front of your web servers. No traffic reaches your applications without passing through the WAF first.
Step 2 — Traffic Inspection: Gasha WAF performs traffic inspection using multiple detection engines working in parallel. The Signature Engine scans for known attack patterns like SQL injection and XSS. The AI/ML Engine analyzes behavior to detect zero-day exploits and anomalies. Additional engines check for API abuse, bot activity, DDoS attacks, and malicious file uploads.
Step 3 — Decision Engine Takes Action Based on the analysis, the Decision Engine takes one of three actions: - ALLOW – Clean traffic is forwarded to your web servers BLOCK – Malicious requests are rejected and logged - CHALLENGE – Suspicious traffic must complete CAPTCHA or JavaScript verification
Step 4 — Monitoring & Logging Every action is monitored, logged, and available for review through the centralized management dashboard. Real-time alerts can be configured for specific events.
Key Features
Signature Detection Engine
Blocks known and OWASP attacks. Provides robust protection against SQL injection, cross-site scripting (XSS), local and remote file inclusion (LFI/RFI), command injection, path traversal, cross-site request forgery (CSRF), XML external entities (XXE), and Unix/Windows shell injection. Rules are automatically updated from global threat feeds, ensuring protection against newly discovered vulnerabilities within hours.
AI / Machine Learning Engine
Identifies zero-day exploits and behavioral anomalies with no known signature. Learns your traffic patterns, establishes baselines, and detects deviations in real-time. Adapts as attack techniques evolve, ensuring protection against never-before-seen threats.
API Security Engine
Protects REST, SOAP, and GraphQL APIs. Automatically discovers shadow APIs, enforces schema validation, prevents BOLA and BFLA attacks, enforces rate limiting, and blocks API enumeration attempts. GraphQL-specific protections include query complexity limits.
Bot Bloking and Management Engine
Separates humans from automated attackers using browser fingerprinting, reputation scoring, and deterministic attestation. Detects headless browsers, prevents credential stuffing and password spraying, blocks brute force attempts, and challenges suspicious traffic with CAPTCHA or JavaScript verification.
Custom Rules
Define your own security rules and policies.
Audit Logging
Full request/response logging for compliance.
DDoS Mitigation Engine
Protects at application layer (L7) and network layer (L3-L4). Implements dynamic throttling, per-IP and per-user rate limiting, slow HTTP attack mitigation, request spike detection, connection limits, and automatic IP blacklisting to ensure continuous availability.
Anti-Virus Engine
Scans all file uploads in real-time. Blocks viruses, trojans, ransomware, backdoors, web shells, keyloggers, rootkits, spyware, adware, and worms. Malicious uploads are rejected immediately and logged for review.
Honeypot Deception Engine
Deploys fake endpoints, decoy files, and honeytokens to lure attackers. Provides early warning, captures attacker methods and tools, and delivers forensic data for threat hunting. Reveals attacks before they reach real assets.
Zero Trust Network Access (ZTNA)
Enforces continuous verification of every request. Checks device posture, enforces least privilege, supports micro-segmentation, and integrates with MFA, LDAP, SAML, OAuth, OpenID Connect, and JWT validation. Never trust, always verify.
Management & Operations
Centralized dashboard for policy configuration and monitoring across all WAF instances. Real-time traffic visualization, attack analytics, geographic heatmaps, and alerting via email, SMS, webhook, or SIEM integration.
GeoIP Filtering
Blocks, allows, redirects, or challenges traffic based on geographic location using high-precision GeoIP2 databases. Supports safe-country allowlisting, high-risk country blocklisting, and compliance-based restrictions.
Use Cases
Use Case 1 — Government Ministries & Agencies
Protect citizen portals, e-government services, and internal applications from cyber threats. Gasha WAF is pre-approved for deployment at NISS, INSA, Federal Maremiya Bet, and all Ethiopian ministries.