Threat landscape


Our web application firewall is an innovative protection system that detects and blocks attacks including the OWASP Top 10, WASC, layer 7 DDoS, and zero-day attacks with pinpoint accuracy. It ensures continuous security for applications, APIs, users, and infrastructure while supporting compliance with security standards including PCI DSS.

Infographic: How Web Application Firewall Works

Ensure quick start and rapid uptake

Thanks to a large number of delivery and deployment options, our WAF can be quickly and easily deployed on any infrastructure, for applications of any type and level of complexity.

Use cases

Get all-around, all-the-time protection

PT AF is more than just an ordinary tool in your IT security infrastructure. State-of-the-art technologies and integrations, such as with PT Application Inspector, provide comprehensive and continuous protection for your apps (even ones with continuous development cycles), users, and infrastructure.

Watch video about PT AF


Benefit from maximum security with a minimum of fuss

Powerful features, including machine learning, ensure unmatched web security—while extensive automation makes administration more hands-off than ever before.

Deployment options

Hardware appliance

A physical server running PT Application Firewall is installed on the client premises. The following modes are supported: inline (transparent proxy, reverse proxy, L2 network bridge), monitoring, and autonomous.

Virtual appliance

The WAF virtual appliance is deployed on the client's dedicated virtual infrastructure (such as VMware vSphere). Modes are the same as listed for the hardware appliance.

Cloud: private, public (Microsoft Azure), or hybrid

Modes are the same as listed for the hardware appliance. Deployment of our web app firewall in a Microsoft Azure public cloud takes literally one click from Azure Marketplace.

SaaS: administration by Positive Technologies or the client

If you are unable to install and maintain high-load systems of your own, or simply desire more flexible pricing—such as paying just for traffic actually used or for the period of time most convenient for you—consider the software as a service (SaaS) model as a way to avoid the upfront costs of an on-premise solution.

PT AF is hosted on Positive Technologies infrastructure, which is responsible for the following tasks: analyzing traffic, generating reports, handling and storing security incidents, and managing product configuration. You simply direct your traffic to us, we process it, and the processed traffic is returned to you via the Internet.

SaaS: administration by Positive Technologies or the client

IaaS: client or MSS provider

Our WAF can be deployed under the infrastructure as a service (IaaS) model at your company or at a third party (such as an MSS provider). Unlike the SaaS option, in this case traffic is analyzed only on systems owned by you or the third party, in accordance with the Positive Technologies data handling policy. Positive Technologies infrastructure is used to generate reports, process and store security incidents, and manage product configuration.

IaaS: client or MSS provider

Stay compliant with major standards

PT AF helps to ensure compliance with PCI DSS and other international, national, industry, and corporate security standards.



Is your Mobile API under a silent attack?

Related solutions