Glossary

Web Application and API Protection (WAAP)

What is Web Application and API Protection (WAAP)?

All applications used for work and play today are web or API-based applications. A web application is accessed using browsers and may use an API in the backend. API’s are used for application to application communication and are used by both web and mobile applications. Today, Web Applications are the top attack vector in data breaches and per Gartner, API’s are fast overtaking them to become the top attack vector by 2022.

Gartner has defined Web Application and API Protection (WAAP) as the evolution of the web application firewall (WAF) market, expanding WAF capabilities to four core features: WAF, DDoS protection, bot management and API protection. WAAP development started with cloud-delivered WAF services that were easier to deploy, and from the start bundled WAF with DDoS protection. WAAP is the amalgamation of all the web application and API security features into a single appliance or service that provides comprehensive protection to web and API applications.

Why is Web Application and API Protection important?

72% of organizations go breached through web applications in the 12 months through April 2021. Application attacks are becoming increasingly complex. Attackers use a variety of tools and techniques to breach applications—not only to steal data, but also to perform lateral movement to go further into your network to steal other data, infect your network with ransomware or use your web application to distribute or control malware.

API’s are everywhere today—most modern web applications are built API-first and enable many of the services we depend on. They’ve been around for a long time but have exploded in use in the last few years. Because of how they function, APIs have direct access to data in a way that web applications do not—and any API breach can cause significantly more damage than a web application breach. Because of a lack of understanding of API deployments and security, APIs are severely unprotected, and breaches are becoming increasingly common.

How Barracuda can help

Barracuda Cloud Application Protection is an integrated platform that brings a comprehensive set of interoperable capabilities together to ensure complete Web Application and API security. It combines full WAF functionality with a complete set of advanced security services and solutions that protect your applications against today’s multiplying threats. Whether your applications are deployed on-premises, in the cloud, or hybrid, Barracuda Cloud Application Protection makes it easy to keep them secure and available.

Barracuda Web Application Firewall (WAF) solutions are available as appliances (hardware or virtual) that can be implemented on premises or hosted in the cloud, as a container and through an innovative SaaS solution that combines advanced functionality with ease of deployment and management. The Containerized Barracuda Web Application Firewall can be deployed and managed using the SaaS solution, providing the option to use either or both solutions based on your needs.

With both deployment models, you get complete application security, including protection for the OWASP Top 10 Web & API threats and many more vulnerabilities and automated threats, along with automatic detection and remediation. Compared to many competing solutions, Barracuda WAF solutions are remarkably simple to deploy, configure, and manage, with capabilities like the Machine Learning-based Auto Configuration Engine.