How is AppTrana Web Application Firewall Different?
Designed for Comprehensive Protection
By identifying the vulnerabilities in the application and patching them instantly, AppTrana WAF Protection is the only solution that tailors protection based on application need.
Security Partner who works as your extended team
Only web application protection solution that provides a complete managed security service, working as your extended team to meet your security needs.
Detect your Risks Continuously
Continuously identify your application security posture with web security firewall through automated security scans and manual Pen-Testing
Protect your Application Immediately
Combination of always-on security and expert created surgically accurate security rules to patch the vulnerabilities through Indusface WAF with assured zero false positives.
Ensure round-the-clock Availability
All surge in traffic is not a DDoS. Have experts monitor traffic and prevent DDoS before it happens with a fully managed web application firewall
Improve Website Performance Instantly
Instant Whole Site Acceleration (Content Delivery Network) using distributed Global Edge Locations.
360° view of your Application Security
24*7 visibility of the risk posture and business impact via the integrated AppTrana WAF portal.
$399$399/app/month billed monthly
Fully Managed Site Security
Includes Advance Feature Plus
Managed False Positive Checks
Managed DDoS Mitigation
Managed Bot Mitigation
24*7 Monitoring by Security Experts
Infrastructure Vulnerability Scans
$99$99/app/month billed monthly
Comprehensive Site Security
Unlimited Automated Scans (DAST)
OWASP Top 10 Threat Detection
SANS 25 Vulnerability detection
Scan behind Authentication Page
Web Application Firewall
Whole Site Acceleration (CDN)
DDoS & BOT Mitigation
PCI DSS 3.2 Compliance
Support FOR SSL Certificate
|Features||WAF Premium||WAF Advance|
|Managed Web Application Security Scanning||Unlimited||Unlimited|
|Full Support of HTML5, AJAX and JSON|
|No. of Pages Scanned||Unlimited||Unlimited|
|No. of Application Credentials||Unlimited||Unlimited|
|Coverage for OWASP Top 10, PCI DSS 6.5.x and SANS Top 25 Vulnerabilities Detection|
|PCI DSS and CERT compliant Manual Penetration Testing by experts||-|
|Manual verification of Vulnerabilities by experts||Unlimited||Limited to 5 requests|
|Remediation Guidance to fix vulnerabilities|
|Vulnerability Revalidation checks|
|Layer 7 Protection through Web Application Firewall|
|Always On Protection through Advance Security Rules|
|Platform Specific Security Rules|
|Zero day Vulnerability Protection|
|Blacklisting IP's & countries|
|Ability to exempt certain URI and IP through whitelisting|
|PCI DSS 3.2 Compliance|
|Intelligent Protection through Anomaly based risk scoring||-|
|Data Transfer included in the plan||150 GB/month||30 GB/month|
|Protection against Layer 3, 4 Volumetric attacks|
|Protection against Layer 7 DDoS attacks|
|Reputation checks for client IP and blacklisting of malicious IP|
|Protection of Origin IP address against DDOS attacks|
|Protection against Hot-Linking|
|Check for pretender bots through IP checks|
|Validation of Bot Signatures and blocking bad bots|
|Captcha Challenges to prevent malicious bots, protect against DDOS attacks|
|Experts written custom rules to virtually patch application specific vulnerabilities||Unlimited||Limited to 2 requests|
|False Positive monitored premium rules||-|
|Advance DDOS mitigation support for complex Layer 7 DDOS attacks||-|
|Automated whitelisting of legitimate Search Engines & Bots|
|SLA based customization and propagation of security rules||-|
|24x7 management by certified application security experts||-|
|ISO 27001 Certified Support Centre|
|Whole Site Acceleration (Content Delivery Network)|
|Static Content Caching|
|Dynamic Content Caching|
|Manual Cache Purge|
|Custom Cache Header|
|Free LetsEncrypt DV SSL Certificate|
|Option to buy Entrust OV or EV Certificate|
|Custom SSL Certificate|
|Zero Down time on-boarding|
|Highly available and scalable architecture|
|360° visibility into application security posture through unified AppTrana portal|
|Support for WAF Integration with 3rd party CDN|
|No hardware, software or tuning required|
|Support through Email, Chat and Phone||24* 7||24* 7|
|SIGN UP||START FREE|
Trusted by 2000+ Global Customers
We use Indusface Web Application Scanning (WAS) for vulnerability assessment that provides us insights into our application security risk. One of the key reasons of our partnership with Indusface is their ability to continuously keep innovating around detection,
CISO, Axis Bank
We are a happy customer using AppTrana that takes complete care of tuning, analyzing and updating security policies to keep web-based applications secure. Now with CDN we also expect to get performance without compromising security. We are excited and looking forward
Mannan Godil, CISO, Edelweiss
Our complete ecommerce infrastructure is hosted on the cloud and we are glad to have Indusface as partner for web security. Due to their association with cloud service providers and prompt deployment options, Indusface was the preferred security choice. The on-demand
Anil Shankar, VP, Solutions & Technology, Shoppers Stop
The Risk Based Fully Managed Application Security technology offering from Indusface provided us the best value for money. We signed up with Indusface as not just a technology supplier, but as a application security partner for enabling us to drive more digitization initiatives.
Kiran Belsekar, VP, Information Security , Aegon Life
Frequently asked questions, answered.
Yes. In all deployment modes we provide 3 levels of controls to turn off the solution.
- Log Mode – All rules in WAF will be in log mode and logging them as suspicious and not taking any action to block the request.
- Disable Mode – The entire WAF will be disabled and the solution will be only in reverse proxy mode.
- Bypass Mode – The entire cloud AppTrana Infrastructure will be bypassed and the traffic will be sent directly to your server.
All of this is done without any downtime.
Yes, in the AWS marketplace and Virtual appliance deployment model we allow you to configure the SSL in our WAF deployment or you can choose to have a termination of SSL in your Load balancer and have the WAF traffic as internal non SSL traffic. We provide flexibility in this deployment and configuration option.
In the Cloud model we allow customers to provide their own certificate or get a free one automatically provisioned by Indusface.
Here is a list of 10 most dangerous website security mistakes that you must avoid.Read Blog
Ready to get started?