Protect web and mobile application APIs from the growing threat of attacks and data breaches that cause more havoc than traditional web application attacks.
Import standard OpenAPI, Google Discovery, and XML formats to enforce strict positive security rules. Block all attacks including attackers probing for vulnerabilities in your API.
Barracuda application security solutions provide content routing, caching, and compression to speed up chatty APIs with secure API delivery. You can enforce SLAs with rate limits and slow down violators with capabilities like tarpitting.
Barracuda Cloud Application Protection is an integrated Web Application and API Protection (WAAP) platform. The core protections are provided by Barracuda Web Application Firewall and Barracuda WAF-as-a-Service, both of which use the same proven application security technology to protect your websites, mobile applications, and APIs against the worst application attacks. Barracuda’s solutions prevent attacks including the OWASP Top 10 Web & API, DDoS, and bot attacks that use scraping, denial of inventory and credential-stuffing. Deployed globally and continually improved for over a decade, Barracuda’s solutions deliver the application security you need with industry-leading ease of use.
A hardened TLS front-end provides a secure access layer to your APIs. Content routing allows you to add newer API versions or perform rollouts and testing without needing to configure the entire API setup from scratch. As you add newer APIs, you can import either updated API contract documents or virtual patches from supported scanners to automatically configure security for your new API endpoints. Add authentication and authorization with OpenID Connect, SAML, and other integrations to restrict API access to authorized users.
Barracuda Web Application Firewall and Barracuda WAF-as-a-Service are both fully configurable using REST APIs and can integrate with various tools throughout the development cycle. You can integrate the security configuration early into the development cycle by using the API specification import and virtual patching — and by the time your API is in production, you have a battle-tested configuration. Content routing and allied features enable you further to deliver different versions of your API for A/B testing, canary rollouts and other such deployments.
Each request to your API is logged with all the headers and other details, making it easy for you to troubleshoot any issues. The reporting and syslog modules have multiple integrations, giving you quick and thorough visibility into traffic patterns and changes in behavior.