Protect web infrastructure against DDoS, SQL injection, XSS, and SSL attacks

Attacks against the web have become more vicious than ever. Distributed Denial of Service (DDoS) attacks starve legitimate traffic of resources; SQL injection attacks pass through firewalls to steal data; Cross Site Scripting (XSS) attacks use unvalidated scripts for malicious activities; and legacy SSL protocols can reveal application data to the determined hacker. Every type of business, no matter the size or industry, requires protection to address these threats.

Learn how

Citrix networking solutions block all next-gen threats in one strategic, affordable platform. While protecting all layers of the computing stack, they provide accelerated app delivery and superior load balancing with 100 percent uptime.

DDoS attacks are resource wasters—they work by saturating network infrastructure so that it is unable to process legitimate traffic, making applications inaccessible. For a business, a web application that has crashed is no different than one that is under DDoS attack.

NetScaler ADC and NetScaler AppFirewall easily thwart a variety of DDoS and DoS attacks, providing protection against tactics such as external entity references, recursive expansion, excessive nesting, and malicious messages containing either long or a large number of attributes and elements.

SQL injection is commonly used to steal identity data and other sensitive information. By inserting unauthorized database commands into a vulnerable web site, an attacker may gain unrestricted access to the entire contents of a backend database.

NetScaler AppFirewall identifies and mitigates against all kinds of SQL injection attacks. It also prevents all XML attacks by incorporating a rich set of XML-specific protections.

SSL-based attacks, in the absence of dedicated hardware for SSL termination and inspection, carry a heavy processing penalty. NetScaler ADC protects against compute-intensive SSL-based DoS attacks, providing substantial coverage without the need to implement another set of dedicated devices. Dedicated SSL accelerators, which operate in conjunction with a full-proxy capability of identifying and dumping empty or malicious SSL connections, are instrumental in enabling NetScaler ADC to fend off SSL flood attacks.

XSS attacks are commonly used to steal user identities, hijack user sessions, poison cookies, redirect users to malicious web sites, access restricted sites, and even launch false advertisements.

NetScaler AppFirewall has dynamic, context-sensitive capabilities to prevent XSS attacks. The platform looks for anything that looks like an HTML tag and checks against allowed HTML attributes and tags to detect XSS attacks. Custom XSS patterns can be stored to modify this default list of tags and attributes. Both HTML and XML payloads are inspected. Field format protection and form field consistency is included.

Citrix products

NetScaler AppFirewall

  • Industry’s highest-performing WAF
  • Protects web apps from known and zero-day application-layer attacks
  • Analyzes all bidirectional traffic to protect against an extensive range of threats

NetScaler ADC

  • Provides web app security and optimization through a single, strategic platform
  • Offers app acceleration and superior load balancing
  • Protects against all DDoS threats, using a layered security model


Architecting a scalable and secure data center

Networks are extremely important for mobile and applications are the new perimeter.


Citrix NetScaler: A powerful design against denial of service attacks

Protect against both network-layer and application-layer attacks.


A foundation for next generation data center and cloud-based security

NetScaler combines app security, network optimization, and a cost-effective approach.