AppTrana Datasheet


DATASHEET

Solve Your Application Security Puzzle with AppTrana WAAP

A unified platform to discover, scan, protect, and monitor your public assets & APIs in real time

[Figure: Discover, Scan, Protect, Monitor; Applications and APIs]

AppTrana WAAP (WAF)

The only Cloud WAAP (WAF) with 100% customer recommendation for 3 consecutive years

A Customers' Choice 2023 and 2022 Gartner® Peer Insights™

Key Differentiators of AppTrana WAAP

Asset and API Discovery
Continuously identify the external attack surface and ensure immediate risk mitigation.

Real Protection with Zero False Positives
Deploy 100% of your applications in block mode with our zero false positives guarantee.
*Industry benchmark - only 53% of WAFs are deployed in block mode

Risk Based Patch Management
Indusface security experts constantly identify zero-day, OWASP Top 10 & business-logic threats via DAST scanner and pen test services. They provide virtual patches for critical vulnerabilities with a 24 hour SLA.

Unmetered Behavioural DDoS Mitigation
Ensure high application availability through system-generated rate-limits that adapt to changes in user behaviour.

Salient Features of AppTrana WAAP

Fully Managed WAF
Get the support of Indusface security experts 24X7 as an extended SOC team. Leverage the benefit of unlimited, application specific custom rules/virtual patches on open vulnerabilities, false positive monitoring on core rules and custom rules and DDoS and Bot-monitoring. Zero false positive guarantees on all rules.

[Figure: Web Application and API Protection Service. Web Application & API Protection (WAAP): Web Application Firewall, Bot Mitigation, DDoS Protection, API Protection; Monolithic and microservices-based apps]

API Security
Discover and document your APIs automatically. Secure your public facing API endpoints with positive & negative security policy automation on AppTrana WAAP. Identify vulnerabilities in your APIs through the automated API scanner and pen testing to protect them instantly.

Unmetered Behavioural DDoS Mitigation
Block DDoS attacks up to 2.3 Tbps and 700k requests per second right from day zero with highly scalable AWS infrastructure. Ensure round-the-clock availability of your application (with SLA of 99.99%) by mitigating DDoS attacks with our inbuilt DDoS scrubber and get billed only for clean traffic. Go beyond static rate limits and automate rate-limits based on the behaviour of inbound traffic received by IP, URI and Geography.

Asset & API Discovery
Discover and maintain an up-to-date inventory of your public-facing web assets (domains, subdomains, IPs, mobile apps, data centers, site types) and APIs. Generate OpenAPI specification file (Swagger 3.0) automatically for the APIs discovered.

Bot Protection
Protect your business from bot attacks such as Account Takeover, Credential Stuffing, Card Cracking and Web Scraping attacks. Get anomaly detection for the bad bots based on the behavioural pattern of the bot traffic. Get expert support for designing complex workflows to protect your business from sophisticated bot attacks (URI blacklisting, rate-limiting, geo-fencing rules, anonymous proxy and such other policies.)

Content Delivery Network (CDN)
Maximize website performance by leveraging TATA Communications' tier-1 IP backbone and global footprint with strategically located dense nodes physically connected to massive IP gateways.

Trusted by over 5000+ customers globally across 95+ countries

Why AppTrana WAAP can be your dependable security tool?

Unified Platform: The only WAAP with asset discovery, VAPT, DDoS & Bot mitigation, API security and managed WAF in one platform.

Zero Downtime Onboarding with Day-Zero Protection: Go-live on the WAAP within five minutes through just a DNS change.

Instant Origin Server Protection: Protect your origin server against vulnerability, zero-day and complex layer 3-7 DDoS attacks.

Security Compliance: We comply with ISO 27001, PCI DSS, GDPR, SOC 2 and CERT-In.

Simplistic UI: AppTrana provides a simplistic yet meaningful UI to help you find details effortlessly and enable you to download a clean report for your internal team.

Integrations: Easily integrate AppTrana into any of your systems. Feed data into your SIEM solutions to ensure real-time insights and alerts. Also, sign in with your existing corporate credentials from any device with the help of SSO/SAML integration.



AppTrana WAAP Architecture Diagram

[Figure: End User, Internet, CDN, WAAP, Load Balancer, Block-1 to Block-5, Scanner, Asset Discovery, NAT, Origin Server, Portal (Asset Details, Vulnerability details, Protection Trends), Security Analyst]

Feature List

Key Features | Benefits | Advance | Premium | Enterprise
PRICING | | $99/App/Month | $399/App/Month | Custom/Billed Annually

DISCOVERY

External Asset Discovery | Discover your external facing assets so that no asset remains unprotected. | Yes | Yes | Yes
Unlimited On-demand Scans | Ability to demand external asset scan for organisation at any point in time | Yes | Yes | Yes

RISK SCANNING

Managed Application Security Scanning | Auto scan your site for OWASP Top 10 vulnerabilities and SANS 25 | Unlimited | Unlimited | Unlimited
Full Support of HTML5, AJAX and JSON | Support for scanning JSON, AJAX and HTML5 based sites | Yes | Yes | Yes
Remediation Guidance to fix vulnerabilities | Get detailed remediation to fix the vulnerabilities | Yes | Yes | Yes
Vulnerability Revalidation Checks | Fix the vulnerabilities and revalidate quickly to know if vulnerabilities are addressed properly | Yes | Yes | Yes
Guided scans | Guided Scans to ensure automated scans reach the pages that other scans cannot | Yes | Yes | Yes
Authenticated scans | Provide authentication details and have scans be done behind the authenticated pages | Yes | Yes | Yes
Schedule scans | Scan onboarded applications periodically. Set the frequency at which the applications must be scanned. | Yes | Yes | Yes
Proof of concepts | Get proof of concept for the vulnerabilities, enabling teams to prioritise work on the right vulnerabilities | 5 | Unlimited | Unlimited
Pen-testing by experts* | Have experts ethically hack your sites and find business logic vulnerabilities | No | Yes | Yes

RISK PROTECTION

Layer 7 protection | Place AppTrana in line with your website traffic and have it inspect traffic - allow only legit traffic to your site | Yes | Yes | Yes
Virtual patching through advance security rules | Leverage custom rules with assured Zero false positive rules protecting OWASP Top 10 vulnerabilities out of the box | Yes | Yes | Yes
Platform specific rule set | Rules written for specific platforms like Joomla, WordPress etc. | Yes | Yes | Yes
Restrict by IP & Geo | Block IP & Geo based on the traffic patterns | Yes | Yes | Yes
Whitelist URI | Whitelist URI, to ensure that certain critical URIs are not blocked accidentally | Yes | Yes | Yes
Self-learning behavioural rules | Have rules to automatically learn and push the right triggers based on the traffic patterns | Yes | Yes | Yes
Risk Prioritization | Get a clear view of vulnerabilities that are protected & unprotected vulnerabilities that need a fix in the code, allowing application owners to prioritize fixing critical bugs during the development | Yes | Yes | Yes
Malware File Upload Protection | Restricting file uploads and the type of file uploads to avoid any impacts due to the malicious malware files | Yes | Yes | Yes
PCI DSS 3.2 Compliance. | AppTrana is PCI compliant and lets you save time in meeting the compliances like SOC 2, GDPR, PCI DSS, HIPAA, ISO 27001, etc. | Yes | Yes | Yes

Origin Protection | Protection of Origin by providing ability to whitelist AppTrana IPs and block rest to ensure origin is not directly attacked. | Yes | Yes | Yes
Packet Size Detected | Inspection of payload of 100 MB and more | Yes | Yes | Yes

DDOS MITIGATION

Protection against Layer 3 & 4 attacks | Always on protection against layer 3 & 4 attacks. | Yes | Yes | Yes
Protection against large volumetric Layer 7 attacks | Always on protection against layer 7 that may observe large volumetric attacks seamlessly | Yes | Yes | Yes
Geo-based DDoS Controls | Provide DDoS policy controls at Geo level with ability to set various limits for users from different regions | No | Yes | Yes
Behaviour Based Layer 7 Protection | Protection against Layer 7 attacks using unique behavioural analysis & protecting beyond simple rate limits | Yes | Yes | Yes
Captcha challenges | Enable Captchas so that suspected traffic is challenged to ensure that the automated attacks are blocked | Yes | Yes | Yes
Protection of origin IP address against DDoS attacks | Origin IP is protected against DDOS and the entire traffic goes through the WAF | Yes | Yes | Yes
Protection against Hot-Linking | Protect against bandwidth and resource due to unwanted assets on the Internet | Yes | Yes | Yes
URI Based BDDoS Attack | Configure granular DDoS controls for critical assets of the application | No | 10 | 10
Customize BDDoS behaviour | Get control on how long certain policies should block | Yes | Yes | Yes
Scalable Infrastructure | Highly Scalable Infrastructure to handle sudden surge of attacks | No | Yes | Yes

BOT MITIGATION

Allow good bots & block bot pretender | Check for bots that are pretending as good bots and block those | Yes | Yes | Yes
Tor IP based detection | Check if request is coming from TOR clients and increase the risk score | Yes | Yes | Yes
IP Reputation based protection | Know the IP reputation of connecting clients and increase the risk score based on the reputation | Yes | Yes | Yes
Scanner /Exploitable tools Checks | Understand if scanners or other automated exploitation tools are connecting and block those | Yes | Yes | Yes
Web Scrapper Checks | 12 | Yes | Yes | Yes
Validation of bot signatures and blocking bad bots | Validate requests for known bad bot signatures and block them | Yes | Yes | Yes
Anomaly Behaviour Detection | Identify anomalous behaviour of bots and increase the risk score | No | Yes | Yes
User Agent Based Detection | Check for known malicious bots based on UA of the requests and blocking or increasing risk score of identity | No | Yes | Yes
Datacenter Based Detection | Identify if clients are connecting from a datacentre and increase risk score | No | Yes | Yes
Suspicious Countries | Checking for countries where requests are coming from and increase risk score if it’s marked as suspicious countries / non-business countries | No | Yes | Yes

RISK MONITORING

Guaranteed search engine access | Genuine search engines are not blocked | Yes | Yes | Yes
False positive monitoring | Get experts to monitor the core rule set for false positives & have rules tweaked to ensure zero false positive | No | Yes | Yes
Premium rules | Premium rules which block complex layer 7 rules. Have them enabled after false positive monitoring | No | Yes | Yes
DDoS Notification | Get immediate alerts on any abnormal spike in traffic to the site | Yes | Yes | Yes
Premium DDoS mitigation | Get complex DDoS attacks mitigated through expert monitoring and customized rules based on the attacks | No | Yes | Yes
Custom rules made by experts | Complex business logic vulnerabilities can be protected via expert-written rules | 2 | Unlimited | Unlimited
Self-service rules (Custom rules) | Create and manage the custom rules all by yourself | 2 | Unlimited | Unlimited
Zero-day rule set | Get instantaneous protection for zero-day vulnerabilities | Yes | Yes | Yes
Instant customization and propagation of security rules | Rules can be pushed instantly and propagated throughout the infra | Yes | Yes | Yes
24X7 management by certified application security experts | Real time incident monitoring, response and reporting | Yes | Yes | Yes
Continuous Updates of Rules | Continuous monitoring of emerging threats and updating the rules as per the security needs | Yes | Yes | Yes
Training | Full-fledged training of customer team on the entire set of features & capabilities in the AppTrana WAAP | Yes | Yes | Yes
Site Availability Notification | Real-time notification of site availability and notifying in case of any unavailability of the sites | Yes | Yes | Yes
License Utilization Notification | Notifying in case of pending renewal of the service | Yes | Yes | Yes

Attack Anomaly Notifying in case of surge of the attacks No Yes


No
Notification

Latency Monitoring | Monitoring the incoming calls for to-and-fro time and notifying in case of sudden increase in average round trip time | No | No | Yes
Named Account Manager | Indusface provides single point account manager who handles the entire account and represents customer internally to accelerate the security | No | No | Yes
Quarterly Service Review | Review provided by the account manager on utilization of the services & explains any sort of recent updates made | No | No | Yes

API SECURITY

Managed API Scanning | Automated Scanning of APIs for OWASP Top 10 API Threats and more | No | Yes | Yes
API definition Support | Support to understand APIs by parsing postman files to enable API scanning | No | Yes | Yes
Shadow API Discovery | Discovery of APIs that are not part of swagger definition but request served by API Server | No | Yes | Yes
API Discovery | Discovery of APIs based on traffic | No | Yes | Yes
Open API Documentation | Auto creation of swagger documentation for API discovered | No | Yes | Yes

Auto creation of Positive security model for APIs | Positive security policies created from Swagger files | No | Yes | Yes
API specific WAF policies | Specific Rules to protect against Top 10 API Threats | No | Yes | Yes
Behaviour Based DDOS Protection for APIs | Granular BDDOS Policies for critical APIs | No | Yes | Yes
API Specific BOT detections | API specific BOT policies | No | Yes | Yes

WHOLE SITE ACCELERATION

Carrier grade CDN | With the world’s 4th largest, Tier-1 IP backbone network: TATA Communications – Customers get complete full-site acceleration to reduce latency & ensure content reaches users in the shortest time | Yes | Yes | Yes
Content optimization | Accelerate site content through optimization techniques like minification, auto-compression etc. | Yes | Yes | Yes
Automatic static content caching | Perform automatic static content caching for content like images, java script files and CSS | Yes | Yes | Yes
Dynamic content caching | Cache dynamic contents by enabling advance caching | Yes | Yes | Yes
Manual cache purge | Cache items that can be instantly purged through the portal | Yes | Yes | Yes
Custom cache header | Advance caching policies can be crafted using URL parameters & file paths | Yes | Yes | Yes
Adv Profiling | Site profiling and improving caching to reduce the load on the servers | Yes | Yes | Yes
Image Optimization | Optimizing of Images to improve performance of pages which are heavy on Images | Add-On | Add-On | Add-On

OTHER FEATURES

Analytics Page | Independent analytics page to analyse traffic logs for the site | Yes | Yes | Yes
Standard Reports | Detailed Executive and site level scan reports | Yes | Yes | Yes
Integration into 3rd party CDN | AppTrana is CDN agnostic and will work seamlessly with any CDN | Yes | Yes | Yes
360* visibility into application security posture | With integrated DAST Scanner and WAF, AppTrana provides a comprehensive view to the application’s risk posture | Yes | Yes | Yes
Highly available and scalable architecture | Infrastructure that scales seamlessly to handle millions of requests concurrently. | Yes | Yes | Yes
Custom Port | Support for Custom Ports in Application | Yes | Yes | Yes
WebSockets | Support for Application passing traffic through Websockets | Yes | Yes | Yes
HTTP v2 | Support for HTTP v2 protocol | Yes | Yes | Yes
Zero downtime onboarding | Entire onboarding is done within a few minutes ensuring zero downtime for the site (protection right from the day zero) | Yes | Yes | Yes

RBAC | Role based access control to the customers | No | Yes | Yes
2FA | Two-factor authentication | No | Yes | Yes
SIEM | SIEM integration with any SIEM providers for gathering real-time insights and alerts for swift threat response | No | Yes | Yes
SAML Integration/SSO | Sign in to AppTrana with your existing corporate credentials from any device without compromising security | Yes | Yes | Yes
Bypass mode | Retain complete control of the site and have ability to bypass AppTrana with a single click | Yes | Yes | Yes
Log mode | Have ability to deploy all rules in the log mode and monitor logs to ensure zero false positives | Yes | Yes | Yes
Real-time logging | Get real time access to logs and ensure quick notification and action in case of attacks | Yes | Yes | Yes
Support | 24/7/365 support through phone, chat and emails, backed by guaranteed response time SLA | Yes | Yes | Yes

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API
applications of 5000+ global customers using its award-winning fully managed platform that integrates
web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence
engine.

Indusface, funded by Tata Capital Growth Fund II, is the only vendor to receive 100% customer
recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights™
Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022
Winner in the Mid-Size category in India and is PCI, ISO27001, SOC 2, GDPR certified and has been the
recipient of many prestigious start-up awards.

Bangalore | Delhi | Mumbai | Vadodara | San Francisco

www.indusface.com


Copyright © Indusface, All rights reserved.
