Application Protection as a Service

The perimeter of applications is expanding and becoming more difficult to define. Whether on-premise or in the cloud, applications are now dispersed across different platforms. Many rely on third-party JavaScript services and interact with other third-party services through APIs. As a result, the attack surface targeting larger applications and their exposure to risk is increasing.

Applications are constantly changing and updating. Security policies must be adapted accordingly to protect them and the data they host, as well as to comply with information security policies. It is increasingly difficult to protect against an expanding variety of attack methods, adapt policies in real-time to mitigate automated attacks, and maintain a high level of security with low levels of false positives so that legitimate traffic is not blocked. This often requires manual labor, operating costs, and expertise that many organizations cannot sustain on their own.

Radware’s adaptive, automated WAF protects against web application attacks, hacks, and other vulnerabilities. WAF technology uses a positive security model that automatically learns behavior patterns from legitimate user activities, constructs tailored security policies to enable those activities, and blocks any actions that deviate from these legitimate patterns.

The combination of Radware’s negative and positive security models provides comprehensive protection against the top 10 OWASP threats and zero-day attacks that WAFs based solely on negative security models (which rely on signature blocklists of known attacks) cannot stop.

In this game, you'll face different challenges from part of our protections. Some of the challenges are initially hidden, becoming visible once the required challenge is solved.

Time Management

If you can't find the flag, or don't know how to get it : click on "Hint".
It costs few points, but will allow you to save time.

Topics for challenges

  • WebDDoS
  • Cloud WAF
  • Threat Intelligence
  • API Protection
  • Bot Manager

    • Radware Cloud WAAP protection

    Web DDoS

    WebDDoS, or Web Distributed Denial of Service, is a type of cyber attack targeting the application layer (Layer 7) of a website or web service. It overwhelms the target with a flood of internet traffic, often mimicking legitimate user behavior, making it difficult to distinguish between genuine and malicious requests. Radware's WebDDoS solution uses advanced machine learning and behavioral analysis to establish a baseline of normal traffic, detect anomalies in real time, and mitigate attacks without disrupting legitimate users, ensuring application availability even during large-scale attacks.

    Cloud WAF

    Cloud WAF (Web Application Firewall) is a cloud-based, fully managed security service that protects web applications and APIs from various threats such as OWASP Top 10 vulnerabilities, DDoS attacks, bot attacks, and API threats. It offers real-time traffic inspection, behavioral analysis, signature-based protection, rate limiting, bot mitigation, and SSL/TLS inspection. Cloud WAF can be deployed inline or out-of-path, providing scalable, adaptive, and comprehensive web and API security with centralized management and analytics.

    Threat Intelligence

    Threat intelligence is a service that provides real-time, actionable insights derived from actual cyberattacks. It collects and analyzes data from multiple sources including on-prem devices, cloud interceptors, honeypots, and open source intelligence (OSINT). This intelligence helps security operations centers (SOCs) to distinguish between false positives and real threats, make informed decisions, improve threat detection and response, and proactively defend against cyber threats before they escalate. It integrates seamlessly with existing security workflows and offers enriched contextual data such as IP reputation, attack patterns, and alerts on internal compromises to safeguard business continuity.

    Radware Cloud provides a Claimed Attack dashboard for real-time monitoring of worldwide DDoS attacks claimed by hackers on their channels. Key features include:

  • Filtering by country, region, hacker group, or vertical targeted by the claimed attack.
  • Selecting a time range for viewing claimed attacks (up to one month).
  • Viewing Daily Activity: number of incidents, hacker groups, and domains involved.
  • Display of Top Hacker Groups, Incidents over time, Top Verticals Claimed, and Top Countries Claimed.

    • API Protection

    API protection is a comprehensive security approach designed to safeguard APIs from a wide range of threats and vulnerabilities. It involves multiple layers of defense including authentication and authorization, injection prevention, bot management, rate limiting, and business logic protection. Effective API protection continuously discovers and maps APIs, enforces accurate security policies, detects and blocks malicious activities in real-time, and adapts to evolving threats. It goes beyond basic API gateway functions by addressing advanced attacks such as broken object-level authorization, excessive data exposure, business logic abuse, and API-based DDoS attacks, ensuring data integrity, availability, and secure access.

    Bot Manager

    The Bot Manager is a cloud-based intelligence service for websites or applications. It makes decisions in real time and can distinguish between human visitors and automated software systems, limiting or eliminating automated or programmatic access to websites or applications.

    The service uses proprietary techniques to detect programmatic or automated behavior, analyzing over 120 variables collected from users attempting to establish a connection. This is complemented by Radware’s proprietary intelligence sources, improving bot detection over time.