Secure your web apps & APIs with Blindspot WAAP

Blindspot's Web Application and API Protection (WAAP) is a cloud service that protects your web applications and APIs by filtering HTTP/S requests. What sets it apart is how it adapts to the unique structure of each application, ensuring a tailored defense every time.

WAAP is a cybersecurity essential in today's digital landscape

70 % of web applications use third-party code

80 % of web traffic goes through the API

Enhanced security for your web applications

Full coverage of OWASP Top-10 attacks and OAT

Deploy using application path or DNS

Quick and easy implementation

Elevated protection for your API

Avoiding app unavailability due to broken API

Protecting your APIs from attacks

We won't allow sensitive information to leak through your API

How Blindspot's WAAP secures your digital assets

Blindspot delivers comprehensive DDoS protection, encompassing state-of-the-art components essential for robust attack detection and mitigation. Our solution extends to safeguarding web applications and APIs through meticulous filtering, monitoring, and blocking of malicious HTTP/S requests.

Our mechanism operates by assessing each incoming request, determining its intent, and accordingly, either blocking or allowing its passage to the web server. This vigilant evaluation is further bolstered by the support of our expansive global network and strategically located data centers, ensuring a fortified defense perimeter around your digital assets.

Scoring analysis to recognize request type

Blindspot's WAF operates on a scoring mechanism, enabling the identification of various attacks along with their variants. This systematic scoring is not static; it evolves continually through the application of a machine learning algorithm. This dynamic updateability facilitates the discernment between benign and malicious requests, as well as between legitimate and malicious bots, enhancing the accuracy and responsiveness of our protection framework.

Do you want to know technical details?

Shield against OWASP common attacks and more with Blindspot's WAAP

Two Flexible Paths to Implementing WAAP

WAAP Secure Path

Instant implementation and you don't have to do anything

You do not share your data

It does not protect against any DDoS attacks

WAAP Cloud

Use our cloud service to filter requests.

Protection against DDoS attacks at the application layer

Necessity to redirect IP addresses to our cloud

Frequently asked questions

As your application receives requests through the underlying service, these requests are channeled to the Blindspot security engine for assessment against the defined rules. If a request aligns with a condition set forth in the rules, Blindspot WAAP instructs the underlying service to either block or allow the request, based on the designated action. Blindspot WAAP operates on both positive and negative security models.


Blindspot WAAP (Web Application and API Protection) is a specialized service engineered to fortify web applications against a myriad of threats. It empowers users to configure rules to authorize, block, or monitor web requests based on specific parameters. These parameters include IP addresses, HTTP headers, HTTP body content, URI strings, and common vulnerabilities like SQL injection and cross-site scripting.


Whitelisting: This model employs an "allow list", utilizing machine learning and behavioral analytics to discern the traffic that the WAAP authorizes, while blocking all other traffic.

Blacklisting: Contrarily, a "block list" is utilized here, referencing updated signatures of recognized vulnerabilities to designate the traffic that the WAAP denies, permitting all other traffic.

Hybrid Approach: This methodology combines both positive and negative security models, employing a blend of allow and block lists to determine the traffic that's granted passage.
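
An added illustration of the three models above, with rule actions of allow, block and monitor; it is not Blindspot's code or rule syntax. Rule names, signatures, IP addresses and paths are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Constructed signatures and lists, far smaller than a production rule set.
SQLI = re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?1'?\s*=\s*'?1")
XSS = re.compile(r"(?i)<script\b|javascript:")
API_PATH = re.compile(r"/api/v1/(orders|items)(/\d+)?")
DENIED_IPS = {"203.0.113.7"}  # documentation-range address

@dataclass
class Rule:
    name: str
    action: str  # "allow", "block" or "monitor"
    match: Callable[[dict], bool]

def payload(req):
    return req.get("query", "") + "\n" + req.get("body", "")

ALLOW_RULES = [
    Rule("known-api-path", "allow", lambda r: r["method"] in {"GET", "POST"}
         and bool(API_PATH.fullmatch(r["path"]))),
]
BLOCK_RULES = [
    Rule("denied-ip", "block", lambda r: r["ip"] in DENIED_IPS),
    Rule("sqli-signature", "block", lambda r: bool(SQLI.search(payload(r)))),
    Rule("xss-signature", "block", lambda r: bool(XSS.search(payload(r)))),
    Rule("empty-user-agent", "monitor", lambda r: not r["headers"].get("User-Agent")),
]

def evaluate(req, model="hybrid"):
    """Return (verdict, matched rule names) under the chosen security model."""
    hits = [r for r in BLOCK_RULES if r.match(req)]
    names = [r.name for r in hits]  # monitor hits are recorded, never enforced
    if model in ("negative", "hybrid") and any(r.action == "block" for r in hits):
        return "block", names
    if model in ("positive", "hybrid"):
        allowed = [r.name for r in ALLOW_RULES if r.match(req)]
        if not allowed:
            return "block", names + ["no-allow-rule"]  # default deny
        return "allow", names + allowed
    return "allow", names  # negative model: default allow

# Constructed sample requests.
GOOD = {"ip": "198.51.100.10", "method": "GET", "path": "/api/v1/orders/42",
        "query": "", "body": "", "headers": {"User-Agent": "curl/8.0"}}
SQLI_REQ = dict(GOOD, query="id=1' OR '1'='1")
UNKNOWN = dict(GOOD, path="/admin/debug", headers={})
```

With a path-only allow list, the positive model passes `SQLI_REQ` and the negative model passes `UNKNOWN`; the hybrid model blocks both.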


Blindspot WAAP offers a robust shield against prevalent digital threats and targets application-level vulnerabilities, including the top 10 risks pinpointed by OWASP. Some examples are:

Cross-Site Scripting (XSS): A tactic where adversaries inject malicious scripts into authentic websites. When users visit these tainted sites, the malicious code executes in their web browsers, facilitating data theft or user impersonation by the attackers.

Application Layer DDoS Attacks: These denote DoS or DDoS assaults targeting the application layer, with common variants like HTTP/S floods, SSL-driven attacks, slowloris attacks, and brute force methods.

SQL Injection: Similar to XSS in execution. Attackers exploit vulnerabilities to inject malicious SQL commands into an application, leading to unauthorized data access, modification, or deletion.

Zero-Day Attacks: Occur when malevolent entities leverage an undisclosed security lapse or software vulnerability before the developer releases a remedial patch.


The necessity for setup alterations depends on customer requirements. Blindspot WAAP supports two models – In-Line and/or Out Of Path, eliminating the need for fundamental infrastructure modifications.



Want to discover more?

Contact: David Hnát, Security consultant, sales@blindspot.cloud
