Airlock Gateway is both a web application firewall (WAF) and an API gateway. It acts as a central reverse proxy for all HTTPS connections, analyses and manages traffic moving between users and services. Attempted attacks on applications are blocked before they can reach the protected systems.

As a WAF, it provides

• comprehensive protection against the OWASP Top 10 vulnerabilities
• role-based access control for web applications
• centralised management of security policies.

Part of the Airlock Secure Access Hub, Airlock Gateway acts as a central reverse proxy for all HTTPS connections and protects against web attacks. In conjunction with Airlock IAM, it ensures secure session management while serving as a policy enforcement point for authentication and authorisation decisions.

As an API gateway, it re-uses the protecting mechanisms of a WAF and extends them to the API realm:

• Dedicated attack detection and prevention for API endpoints
• Best of industry protection against OWASP Top 10 API vulnerabilities
• OpenAPI schema enforcement: Automated and dynamic request white listing based on OpenAPI specification
• JSON payload verification à la html form protection
• Role-based access control for API endpoints, including HTTP methods

Modern applications and services shift the user interface functions into the end devices of the users, as Single-Page Application (SPA) in the browser or as native Smartphone App.

Communication with the servers thus focuses on the exchange of process data via APIs (Application Programming Interfaces). REST/JSON APIs, in particular, are currently in vogue. The new architecture exposes them to a large extent and they require the same level of protection against web attacks. Combine it with Airlock IAM to enrich your service with REST-based authentication and user management, API keys, rate limits & quotas.

Thanks to these innovative security functions, you can always stay ahead of attackers.