web app firewall

Complete Web Security Solution

WAAP + WAF + Bot Protection + Layer 7 DDoS Protection


Kubernetes WAF for your Cluster

Supports EKS, Fargate, Traefik, and Istio

Kubernetes WAF by Prophaze is a Kubernetes-native Web Application Firewall (WAF) that intelligently detects malicious requests to your web APIs.


It is installed by embedding the Prophaze Kubernetes WAF into your current ingress controller. Prophaze supports all versions of the Nginx ingress controller, the Kubernetes ingress controller, and service meshes like Istio or Traefik.


How the Kubernetes Web Application Firewall Works

Prophaze KubeWAF is an enterprise-grade Kubernetes Web Application Firewall that is deployed as a microservice alongside your other components. It works alongside the cloud load balancer and filters all incoming traffic to your API services.


What do you have to do?

Use the Helm chart to create or update your ingress controller in your cluster. Prophaze can help with dedicated onboarding of the WAF controller in your cluster.


Public Cloud Support

Automate security deployments.

Prophaze with AWS solutions simplifies cloud security. Deploy Prophaze WAF to get complete protection against web application threats so that you can focus on optimizing cloud benefits. In the cloud, you can design security directly into your applications by using APIs. Prophaze APIs allow you to incorporate security automatically into your packaged applications, with orchestration tool support, when they are deployed.


Block all kinds of cyber-threats.

Prophaze WAF detects a variety of threats, including all OWASP Top 10 vulnerabilities as well as advanced threats. It’s a non-invasive, cloud-based tool, with no impact on your operations.

Secure workload migration.

The Prophaze WAF protects your web applications on AWS and makes it easier and safer to move your workloads to AWS. With architectural redundancy and expandability, the WAF can deliberately scale up or down in real time to match fluctuations in workload demands.


With Prophaze on AWS, you can:

· Mitigate Application Vulnerabilities

· Manage and Secure APIs

· Secure CDNs

· Integrate Security into CI/CD Pipelines

· Accelerate Application Performance

· Migrate Your Applications


WAF as a Service

· Stop attacks bypassing in-house WAF and compromising business-critical applications

· Eliminate continuous, time-consuming WAF configuration, and administration tasks

· Relieve DevOps from day-to-day alerts overload

· Save hundreds of thousands in annual costs associated with WAF ownership and staffing

· Must-have requirement for financial and healthcare customers

· Must-have requirement for data-sensitive applications

· Protection from bad bots, malware and OWASP top 10 threats bypassing WAFs

· Enforce compliance for GDPR, HIPAA, CCPA, SOC2, PCI-DSS

· Meet customer security SLAs

· Multi-tenancy, multi-domains and multi CDNs

Layer 7 DDoS Protection

Prophaze protects your API endpoints deployed in the Kubernetes cluster against distributed denial of service (DDoS) attacks by malicious bot networks.

Prophaze protects your applications from distributed denial of service (DDoS) attacks by malicious bot networks.


· Detection – protocol, IP, and anomalies in traffic flows

· ML behavior analysis

· Diversion – traffic is redirected using DNS routing

· Analysis – previous security logs are analyzed to improve resilience

· Filtering – DDoS traffic is blocked while valid requests flow through.

We ensure real-time protection against DDoS attacks, identifying and mitigating large-scale attacks on targeted applications.

A Distributed Denial of Service (DDoS) attack is a malicious attempt to affect the availability of a targeted system or network. The attacker sends a large number of requests to overwhelm the target, using several compromised or controlled sources to launch the attack.


DDoS mitigation is the process of successfully protecting a target from a DDoS attack.


· Detection: the discovery of traffic flow deviations that may signal a DDoS assault.

· Diversion: re-routing the traffic away from its target through Domain Name System or Border Gateway Protocol routing. Here, a decision needs to be taken: whether to filter the traffic or discard it.

· Filtering: determining the patterns that quickly distinguish genuine traffic, such as humans, API calls and search engine bots, from malicious visitors.

· Analysis: system logs and analytics can be used to collect data about the attack. This helps both to understand the attacker(s) and to improve future resilience. Advanced security analytics techniques can provide granular visibility into the attack traffic and an instant understanding of attack details.

· A DoS attack uses a single system and one Internet connection to flood a targeted resource, whereas a DDoS attack uses multiple systems and network connections to flood the target system.


OWASP TOP 10 Protection

OWASP Top 10 Web Application Vulnerabilities’ Mitigation using Prophaze WAF

The OWASP Top 10 vulnerabilities provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.


To ensure availability and protect against abuse, you can set API usage limits.


· Prophaze WAF provides real-time website protection by using powerful cloud-based technologies to maintain protection against the latest threats.

· Prophaze will automatically scan your website for thousands of known vulnerabilities and OWASP Top 10.

· Prophaze also ensures that the web applications are protected against being used as threat vectors into the client’s network.


Prophaze WAF requires no additional configuration, and it automatically updates to include protection against new vulnerabilities. Using Prophaze WAF, you can create or modify rules that match patterns of exploitation attempts in HTTP/S requests and block those requests from entering your servers.

API Security

Prophaze WAF API Gateway is vendor-agnostic, supporting the leading API gateways.

Public, private, or partner-facing APIs have a key role in accelerating digital transformation. However, many organizations, including large enterprises, have relatively immature API security programs, thus creating a completely new attack surface.


Your DevOps team can validate and deploy secure custom APIs based on OpenAPI specifications directly from the dashboard. Prophaze creates a positive security model so that only the traffic you want to reach your APIs is allowed, and protects all your API endpoints. Prophaze API security is vendor-agnostic, supporting the leading API gateways.


· Automatic positive security model to enforce consistent boundary checking for API requests

· Test APIs for misconfigurations, logic manipulation, and input validation

· Distinguish between legitimate and malicious payloads and bots

· Use regular expressions to enforce required parameters in the message body

· Rate limiting incoming and outgoing traffic

· Integration with leading API Management vendors

· Decode OpenAPI (Swagger) files, header and body payloads

· Decode all data formats, including nested and encoded custom API protocols, such as JSON inside Base64 encoding
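
A minimal sketch of the positive security model listed above: only declared fields are accepted, each value must fully match its regular expression, and a Base64-wrapped JSON field is decoded and checked against its own allow-list. This is an added illustration, not Prophaze code; the endpoint, field names and patterns are assumptions constructed for the example.

```python
import base64
import json
import re

# Hypothetical allow-list for a POST /orders body (constructed for this example).
# Each field maps to (required, rule). A regex rule must match the whole value;
# a dict rule means the value is Base64-encoded JSON with its own allow-list.
ORDER_SCHEMA = {
    "order_id": (True, re.compile(r"[A-Z]{2}-\d{6}")),
    "email": (True, re.compile(r"[\w.+-]{1,64}@[\w-]{1,63}(\.[\w-]{1,63}){1,4}")),
    "note": (False, re.compile(r"[\w .,!?-]{0,200}")),
    "envelope": (False, {
        "sku": (True, re.compile(r"[a-z0-9-]{1,32}")),
        "qty": (True, re.compile(r"[1-9]\d{0,2}")),
    }),
}


def validate(body, schema=ORDER_SCHEMA):
    """Return a list of violations; an empty list means the body is allowed."""
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    # Positive model: anything not declared in the schema is rejected.
    errors = [f"unexpected field: {k}" for k in body if k not in schema]
    for name, (required, rule) in schema.items():
        if name not in body:
            if required:
                errors.append(f"missing field: {name}")
            continue
        value = body[name]
        if not isinstance(value, str):
            errors.append(f"{name}: not a string")
        elif isinstance(rule, dict):
            # Encoded layer: decode strictly, then validate the inner object.
            try:
                inner = json.loads(base64.b64decode(value, validate=True))
            except ValueError:  # bad Base64, bad UTF-8 or bad JSON
                errors.append(f"{name}: not Base64-encoded JSON")
                continue
            errors += [f"{name}.{e}" for e in validate(inner, rule)]
        elif not rule.fullmatch(value):
            errors.append(f"{name}: value rejected by pattern")
    return errors
```

Decoding before matching is the point of the nested case: a pattern applied to the still-encoded string would never see the inner fields.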