Citrix Web App & API Protection FAQ's
Citrix Web App & API Protection (CWAAP) is a cloud based Web Application Firewall and API gateway combined with advanced Distributed Denial of Service protection capability. A super hot product, we're seeing lots of use cases and have the answers to your questions.
Citrix Web App & API Protection (CWAAP) is a web-based solution that provides protection for security threats. Citrix WAAP is a service that consists of an always on DDoS (distributed denial of service) defence, DoS (denial of service) protection, Bot Management and WAF (web application firewall).
Check out our blog for more: What is Citrix Web App & API Protection Service?
Simply put, customers change their DNS records for sites they wish to protect to point to the Citrix WAAP service and then the Citrix WAAP service will forward “only clean/scrubbed” traffic to customer sites. The customer firewalls will then be configured to only accept traffic from the CWAAP POP’s ensuring only clean traffic enters their sites.
- Citrix Web Application Firewall (WAF).
- Volumetric Distributed Denial of Service mitigation (DDoS).
- Denial of Service Protection (DoS).
- Bot Management.
- Web Application Firewall is a layer 7 firewall that monitors, filters and blocks inbound and outbound application traffic protecting against malicious attacks.
- Web Application Firewalls help protect web sites against common malicious attacks often characterised by the Open Web Application Security Project (OWASP) top 10 web attacks.
A Denial of Service (DoS) attack is when an attacker attempts to flood a network to prevent legitimate traffic accessing the resource on that network.
A Distributed Denial of Service (DDoS) attack is when multiple attackers work together to attack a single site to consume all the bandwidth available to that site and prevent legitimate traffic gaining access.
An internet “bot” (robot) is a software application that runs automatic tasks over the internet. Some “Bot’s” are legitimate, such as google index bot and some are not so nice which basically scan websites looking for vulnerabilities.
Bot management is therefore the ability to distinguish the difference and allow legitimate and block nasty.
Citrix Web Application & API Protection (CWAAP) is managed through a single cloud dashboard making configuration and management easy and allowing customers to very quickly, with a few simple steps, set the appropriate switches to protect their sites.
Citrix Web App & API Protection (CWAPP) provides customers with quick, easy and scalable solution to protect any application, anywhere with proven, layered, web protection technology.
- Citrix App & API Protection (CWAPP) is available as a WAF+DDos+Bot bundle and a DDoS only bundle.
- They are both licensed on Bandwidth of “Incoming CLEAN traffic” ( the traffic flowing from the CWAAP PoP to customer site) and number of applications being protected.
- Licensing is based on a consumption-based model so “Opex” not “Capex”.
There are currently 14 PoP’s globally, and this is growing.
Once the customer has placed the order with Citrix, within 72 hours a portal will be set up specific to the customer.
OWASP (Open Web Application Security Project) is an organisation that focuses on software security with many projects that include open-source software development. One project is to maintain the “OWASP top 10” which is a list of the top 10 security risks faced by web applications and developers.
The Open Web Application Security Project (OWASP) Top 10 is a list of the top security risks faced by web applications. OWASP top 10 are commonly listed as below:
- Buffer overflow attacks.
- Cookie security attacks.
- Forceful browsing.
- Web form security attacks.
- SQL injection attacks.
- Cross-site scripting attacks.
- Malicious code or objects.
- Badly-formed XML requests.
- Denial of service (DoS) attacks.
- Citrix documentation:
Citrix Blog on CWAAP:
- Citrix CWAAP web page: