/

WAAP

Strictera WAAP

Scalable DDoS & bot protection for websites, apps and APIs from the very first malicious request

Why choose between performance and flexibility when you can have both?

Book a demo

<0,01% false positive

<1 ms bad bot detection

No SSL/TLS disclosure (PCI DSS Compliance)

About the product

Strictera WAAP provides highly accurate filtering of illegitimate bot activity and protects against all automated web threats, including both simple and full-stack bots, DDoS attacks and threats listed in the OWASP Automated Threats to Web Applications and API Security Top 10.

It is particularly valuable when local termination of encrypted traffic is required without transmitting SSL/TLS data, enabling the detection of malicious bots and establishing robust local protection within existing IT infrastructure. The product ensures compliance with the PCI DSS international standard for payment data processing, making it highly relevant for organizations in finance, e-commerce, and online services.

Strictera's hybrid deployment strategy combines on-premise software power with the agility of cloud solutions.

Product components

Multi-factor traffic analysis

Strictera regularly updates its signature database for highly precise traffic identification.

Detailed statistics and traffic analytics are available both through the personal control panel and through API.

It is possible to integrate Strictera analytics module with other systems for traffic monitoring.

Secure DNS

Strictera's secure DNS eliminates potential points of failure for web applications that may be caused by the unavailability of your DNS hosting provider.

To connect, you simply delegate your DNS zones to Strictera. This feature allows you to scale your protection capacity to mitigate any volumetric attacks.

Additional cloud filtering

Includes 40 hours of free cloud-based filtering per month across all plans, providing seamless scalability for traffic spikes.

Features

SMS leak & API abuse detection

Our system blocks automated requests for SMS codes used in user authorization or action confirmations, preventing your SMS aggregator balance from being drained. The protection also extends to mobile application APIs.

Various use-case scenarios

For various parts of a web resource, you can simultaneously configure and utilize DDoS attack blocking, bot filtering, and traffic monitoring to enrich data about system components.

Low-frequency DDoS attacks mitigation

Our per-request filtering avoids blocking based on IP addresses, making it effective against subtle attacks. Strictera WAAP protects your web resources from all forms of unauthorized automation, including low-frequency DDoS attacks that traditional statistical methods might miss.

Zero-day threats prevention

The product safeguards against zero-day threats by blocking unauthorized scanning of web resources for vulnerabilities that could lead to advanced persistent threats (APT) attacks.

Bruteforce & ATO-attacks detection

The product defends against brute force attempts aimed at cracking user accounts and accessing personal or sensitive data.

Bot management

Сustom Rules feature allows you to easily configure traffic processing through Strictera control panel or API.

OWASP threats mitigation

Strictera WAAP blocks any attacks on business logic and threats listed in the OWASP API Security Top 10.

Web scraping blocking with load optimization

The built-in Antiscraper shields your web resources from unnecessary load caused by competitors automatically collecting your unique content to gain a market advantage.

Multi-factor traffic analysis

1.

Primary analysis evaluates incoming traffic using multiple parameters, dynamically adjusting to your web server’s performance over time.

2.

Signature analysis compares connection and session parameters against a database of known legitimate user patterns to detect threats.

3.

Reputation analysis examines query parameters, activity profiles across subnets, and other metrics to validate trusted traffic.

4.

Behavioral analysis leverages machine learning models to verify session legitimacy, identifying even advanced bot activity.

5.

Continuous adaptation. Our experts monitor traffic in real-time, refining algorithms and updating the system to ensure precise filtering accuracy.

Note. Browser traffic is filtered instantly upon connection, with mobile traffic profiles fully optimized in just 3 days.

Deployment mode

Hybrid protection

Deploy Strictera’s filtering platform locally within your infrastructure for full control and seamless scalability through our cloud capabilities. Manage filtering settings independently or collaborate with Strictera’s expert engineers for advanced technical support. Perfect for safeguarding web applications without exposing SSL/TLS data.

Key benefits

30-minute deployment for rapid implementation.
PCI DSS and GDPR compliance for regulatory confidence.
Seamless integration with NGINX and Angie web servers.
Local termination of encrypted traffic, ensuring no SSL/TLS data is shared externally.
Trusted by financial services and business applications handling sensitive data, delivering enterprise-grade security with simplicity.