Web Application and API Security
Web Application and API Security (WAAS) is a cloud-native application protection platform to secure your web applications and APIs.
Elastx WAAS is a cloud-native application protection platform (CNAPP) that provides an integrated approach to web application and API security. It supports OWASP Top 10 and API protection, along with capabilities like vulnerability management, compliance and runtime defense. The WAAS module automatically detects and protects microservices-based web applications and APIs in cloud and on-premises environments.

Web Application and API Security (WAAS)
WAAS focuses on the external layer (Layer 7). It inspects incoming traffic to protect your applications and APIs from web-based attacks.
- WAF Capabilities: Protects against the OWASP Top 10 (e.g., SQL Injection, Cross-Site Scripting, and Command Injection)
- API Security: Automatically discovers API endpoints and enforces Schema Validation (using OpenAPI/Swagger files) to ensure only legitimate calls reach your backend
- Bot Management: Distinguishes between "good" bots (like search engines) and "bad" bots (used for scraping or credential stuffing)
- Layer 7 DoS Protection: Uses rate-limiting to prevent attackers from overwhelming your application with high-volume requests
Runtime Security (Workload Protection)
While WAAS monitors traffic entering the app, Runtime Security monitors what is happening inside the running container, serverless function, or Virtual Machine.
- Behavioral Learning: Automatically creates a model of "normal" behavior for your workloads (which processes they start, which files they touch)
- Anomaly Detection: Alerts on or blocks suspicious activity in real time, such as an unauthorized process starting (e.g., a crypto-miner) or an unexpected network connection
- Vulnerability Management: Continuously monitors running workloads for newly discovered CVEs (vulnerabilities)
- Host & Container Integrity: Ensures that the underlying operating system and the containers haven't been tampered with after deployment
Application Security (Code & Pipeline)
This is the "Shift Left" component. It focuses on finding and fixing security issues before the application is even deployed.
- SCA (Software Composition Analysis): Scans your open-source libraries and dependencies for known vulnerabilities
- Secret Scanning: Checks your source code for hardcoded passwords, API keys, or certificates that shouldn't be in your repository
- CI/CD Integration: Plugs directly into tools like GitHub, GitLab, and Jenkins to fail "bad" builds before they reach production