Published: 31 August 2022
WAAP platforms are the preferred choice for protecting public-facing services, as they combine broad scope, scale and security controls specific to web apps and APIs. To protect key public-facing services, SRM leaders must assess these platforms’ overall capabilities, not just their core rulesets.
Included in Full Research
Protecting public-facing web applications against attacks and exploits of vulnerabilities in custom or third-party code remains the primary use case for web application and API protection (WAAP) platforms.
A growing number of organizations evaluate the four core capabilities that define a cloud WAAP service: web application protection, distributed denial of service (DDoS) protection, bot management and API security.
The WAAP market is diverse. It includes offerings from content delivery network (CDN) and infrastructure-as-a-service (IaaS) providers, born-in-the-cloud (“cloud-owned”) WAAP services and products based on a hosted web application firewall (WAF) appliance (“cloud-rented”).
In the past year, leading WAAP providers have expanded their
Clients can log in to view the entire
Strategic Planning Assumptions
- Amazon Web Services
- Management, Monitoring and Reports
- DDoS Protection
- Application Security
- Bot Management
- API Security
- Scalability and Geographic Presence
- Expertise in Small Environments
- Technical Architecture
- Core Security
- Web-Scale Business Application
- API Security and DevOps
- High Security
Gartner Recommended Reading
Critical Capabilities Methodology