Indusface Web Application Firewall is industry’s only fully managed web application firewall that provides comprehensive protection that works. Indusface’s Total Application Security comes with integrated scanner and WAF which helps organisation identify vulnerabilities and get them immediately patched at WAF through rules written by Indusface’s security experts.

Our Advantage

Detect your risks continuously

Continuously identify your application security posture through automated security scans and manual Pen-Testing

Protect your application immediately

Combination of always-on security and expert created surgically accurate security rules to patch the vulnerabilities through WAF with assured zero false positives

Ensure round-the-clock availability

All surge in traffic is not DDoS. Have experts monitor traffic and prevent DDoS before it happens

Improve website performance instantly

Instant Whole Site Acceleration using distributed Global Edge Locations if you subscribe to the cloud WAF deployment

360 view of your application security

24*7 visibility of the risk posture and business impact via integrated AppTrana portal

Trusted by over 1100+ Global Customers

Our Happy Customers talking about us


Unlimited App Scanning

Unlimited App

Daily or on-demand web application scanning to detect vulnerabilities.

Comprehensive security audit to get security posture of multiple web applications.

Business Logic Vulnerability Checks

Business Logic
Vulnerability Checks

Extensive auditing for application specific business logical vulnerabilities.

Support on functional understanding of logical flaws for in-depth security audit.

OWASP Top 10 Detection


Efficiently detect most common application vulnerabilities validated by OWASP and WASC.

On-going detection of new vulnerabilities as a result of application changes & updates.

Zero Downtime Quick On-Boarding

Zero Downtime Quick

Entire onboarding is done without requirement of any downtime and can be done within minutes . With Indusfaces Properitiery advance rules fine tuned to minimal FP’s orgnainzation can onboard site immediately in block mode.

Managed DDoS Protection

Managed DDoS

Get instant DDOS protection against sophisticated Layer 7 DDOS attacks. TAS comes with inbuilt rate limiting rules and advance layer 7 rules that prevents sophisticated bot attacks. Also get help of security experts in case of sophisticated attacks that help in thwarting complex attacks through tailored rules.

Flexible Deployment

Flexible Deployment

The entire product is offered as a service, but the placement of the WAF can be in the cloud (no software to install), or from AWS marketplace and or in your own data centre with a virtual appliance. You will still get a centralized informative dashboard providing you real time view of the security postures and attack insights independent of the WAF placements and deployment model.

Managed by Security Experts

Managed by Security

Security experts mimic exploitations from real hackers to help identify risks in real-time.

Demonstration of business impact of vulnerabilities exploiting series of logical weaknesses within application.

Zero False Positives

Zero False

Removal of any potential false positives that are found from scanning and accurate protection against those risks via WAF rules

Informative Dashboard


Not only will be provide visibility into attacks happening and blocked on the website, but will also provide a co-relation between current vulnerabilities and its protection status based on which customer can take action and request our managed security experts to protect against those risks.

Plan Comparison

TAS Advanced
TAS Premium
Risk Detection
Managed Web Application Security Scanning
No. of Pages Scanned
No. of Application Credentials
Coverage for OWASP Top 10, PCI DSS 6.5.x and SANS Top 25 Vulnerabilities Detection
PCI DSS and CERT compliant Manual Penetration Testing by experts
Manual verification of Vulnerabilities by experts
Limited to 5 requests
Remediation Guidance to fix vulnerabilities
Vulnerability Revalidation checks
Risk Protection
Layer 7 Protection through Web Application Firewall
Always On Protection through Advance Security Rules
Zero day Vulnerability Protection
Blacklisting IP's & countries
Ability to exempt certain URI and IP through whitelisting
PCI DSS 3.2 Compliance
Intelligent Protection through Anomaly based risk scoring
Vulnerability Revalidation checks
Deployment option
Cloud - AppTrana
AWS market place or Virtual Appliance
Cloud - AppTrana
AWS market place or Virtual Appliance
DDOS Mitigation
Protection against Layer 3, 4 Volumetric attacks
Protection against Layer 7 DDoS attacks
Reputation checks for client IP and blacklisting of malicious IP
Protection of Origin IP address against DDOS attacks
Protection against Hot-Linking
BOT Mitigation
Check for pretender bots through IP checks
Validation of Bot Signatures and blocking bad bots
Captcha Challenges to prevent malicious bots, protect against DDOS attacks
Risk Monitoring
Experts written custom rules to virtually patch application specific vulnerabilities
Limited to 2 requests
False Positive monitored premium rules
Advance DDOS mitigation support for complex Layer 7 DDOS attacks
Automated whitelisting of legitimate Search Engines & Bots
SLA based customization and propagation of security rules
24x7 management by certified application security experts
Free LetsEncrypt DV SSL Certificate
Option to buy Entrust OV or EV Certificate
Custom SSL Certificate
Zero Down time on-boarding
Highly available and scalable architecture
360° visibility into application security posture through unified AppTrana portal
Support for WAF Integration with 3rd party CDN
No hardware, software or tuning required
Support through Email, Chat and Phone
24 * 7
24 * 7

Web Application Firewall FAQ

From a feature and product standpoint both offer the same benefit to customers. AppTrana is a full cloud based deployment version of the TAS offering. Customers can deploy TAS from AWS marketplace or as a virtual applicance or go with the full cloud based version using the AppTrana offering. Independent of the deployment model all the modes will provide the customer with a single centralized AppTrana Dashboard for visibility.

Absolutely. We ask for no credit card while you sign-up. You can enjoy all the services of an Advance plan for 14 days absolutely free in any of the deployment model (cloud, AWS marketplace or Virtual appliance).

Yes. In all deployment modes we provide 3 level of controls to turn off the solution.

  • Log Mode– To turn off blocking. All rules will be put in block mode in such a scenario.
  • Disable Mode – The entire WAF will be disabled and the solution will be only in reverse proxy mode
  • Bypass Mode – Applicable only in SAAS (apptrana deployment). The entire cloud AppTrana Infrastructure will be bypassed and the traffic will be sent directly to your server.

All of this is done without any downtime.

In the market place and Virtual applicace model, WAF is deployed in your data center. However the vulnerability and attack data are synched with the centralized portal hosted in AWS by indusface. In the cloud deployment model Indusface in partnership with Tata Communications gives you the 4th largest Tier IP backbone which ensures reduced latency and improved user experience for your website users. It has more than 400 POPs across 5 continents and operate more than 1 million sq ft of data centre space in 44 locations worldwide. With 24% of the world’s internet routes on our network, we offer greater flexibility and performance. Tata’s Content Delivery Network offers the most direct routes between your content and your end users, and is uniquely engineered to reach both developed and emerging markets directly and quickly. Check map here

Yes, in the AWS marketplace and Virtual appliance deployment model we allow you to configure the SSL in our WAF deployment or you can chose to have termination of SSL in your Load balancer and have the WAF traffic as internal non SSL traffic. WE provide flexibility in this deployment and configuration option.

In the Cloud model we allow customers to provide their own certificate or get a free one automatically provisioned by Indusface.

How Web Application Firewall Works?


Other Resources


Total Application Security Adavnced



Total Application Security Premium



Understanding OWASP Top 10 Vulnerabilities & their Business



7 Habits of Highly Effective WAF



5 Top Cloud Web Application Firewalls (WAF) Features



8 Types of Cyberattacks a WAF is Designed to Stop



Beating WAF Signatures



NGFWs vs WAF [Guide]


Ready to get started?

Try Indusface WAF free for 14-Days