WAF SDK is a programing package designed specifically for native Apps. It offers security protection such as trusted communications, anti-fake-orders detection, and so on. WAF SDK can effectively identify high-risk mobile phones, ModemPOOLs, and other characteristics.
After accessing the SDK, your App can get the same trusted communication technologies as the clients such as Tmall, Taobao, and Alipay. WAF SDK also shares Alibaba Group’s fingerprint database of malicious devices against black/grey industries and econnoisseurs, and fundamentally resolves the security issues at the App end.
WAF SDK resolves the following native App side issues:
- Malicious registration, account credential enumeration attacks, and brute-force attacks
- Large volume traffic HTTP flood attacks against Apps
- Malicious attacks against SMS/CAPTCHA interfaces
- Bonus hunting and red envelopes snatching
- Seckill and time-and-purchase-limited goods
- Malicious check and brush votes (such as air tickets or hotel booking information)
- Value consulting crawls (such as price, credit information, financing, and fiction)
- Machine voting
- Spams and malicious comments
Follow these steps to access WAF SDK.
Log on to the Alibaba Cloud Security Web Application Firewall console, and go to the Web Service page. Add your App’s domain name to the list to enable the WAF protection.
At your DNS service provider, add a CNAME record to point the resolution of your App’s domain name to WAF.
Integrate the SDK components provided by WAF on your App. This operation usually takes 1-2 days. Click to download WAF SDK.
Note: The SDK integration does not require any modification on the server side. WAF can filter out malicious traffic and only send the valid request back to the origin. The pressure of malicious requests is also handled by WAF.
For more information about how to integrate the SDK components on your App, see the following instructions:
Release a new version of your App to enable the SDK protection.