Get started with CWAAP

NetScaler Web Application and API Protection (CWAAP) is a comprehensive and easy-to-use cloud service that offers protection against security attacks.

The NetScaler Web Application and API Protection (CWAAP) is a layered security solution that consists of a full-featured, always-on distributed denial of service (DDoS) defense, denial of service (DoS) protection, and a web application firewall (WAF).

CWAAP, is cloud service with 14 points of presence (PoPs) across the world, CWAAP offers a consistent security posture across all clouds and private data centers, with a low latency and application responsiveness.

Built on NetScaler Web App Firewall and enhanced with volumetric DDoS protection and expanded machine learning capabilities, the service allows IT to:

  • Define application and API-specific security to safeguard against the OWASP’s top 10 and zero-day attacks.
  • Apply one of the largest scrubbing networks to protect applications from large DDoS attacks.
  • Reduce security configuration errors and simplify visibility and governance across multi-cloud environments.
  • Configure rules and policies and adjust them as application security requirements change.
  • Secure applications fast wherever they are deployed without more infrastructure or operational complexity.
  • Scale in minutes with simple license upgrades.

The cloud-based solution keeps your applications safe as you migrate workloads from on-premises to cloud or among public clouds.


If you are an existing customer, you can sign into CWAAP.

If you are a new user, you can request for a CWAAP trial or demo. Please contact your Citrix account manager, or see our NetScaler Web Application and API Protection product page.


NetScaler Web Application and API Protection service offers the following benefits to customers:

  • Provides holistic, proven, and layered protection.
  • Protects any application, anywhere.
  • Enables protection fast and scale protection quickly and easily.
  • Provides simple and predictable consumption model.
  • Provides multi-cloud compliance and governance.

For more information, see CWAAP benefits

How CWAAP works

NetScaler Web Application and API Protection is simple to deploy and easy to configure across multi-cloud environments—all from a single pane of glass. Protect any application, anywhere, with a holistic security approach that provides volumetric DDoS protection with the NetScaler Web App Firewall solution.

NetScaler Web Application and API Protection - how it works

CWAAP DDoS and WAF protection for web applications and APIs

CWAAP provides security protection against the following WAF and DDoS attacks.

CWAAP mitigates the following security attacks

  • SQL injection
  • Cross-site scripting (cross-site scripting)
  • Cross-site request forgery (CSRF)
  • Buffer overflow
  • Form/hidden field manipulation
  • Forceful browsing protection
  • Cookie or session poisoning
  • Command injection
  • Error triggering sensitive information leak
  • Insecure use of cryptography
  • Server misconfiguration
  • Back doors and debug options
  • Rate-based policy enforcement
  • Well-known platform vulnerabilities
  • SOAP array attack protection
  • Content rewrite and response control
  • Authentication, authorization, and auditing (authentication, authorization, and auditing)
  • Layer 4-7 services DoS and DDoS protection

CWAAP mitigates attacks and protects your Web Server and Web Services

  • Deep stream inspection; bi-directional analysis
  • HTTP and HTML header and payload inspection
  • Full HTML parsing; semantic extraction
  • Session-aware and stateful
  • HTTP Signature scanning
  • Scan thousands of signatures
  • Response side checks
  • Protocol neutrality
  • HTML form field protection:
  • Drop-down list & radio button field conformance
  • Form-field max-length enforcement
  • Cookie protection – Signatures to prevent tampering; cookie encryption and proxying
  • Legal URL enforcement – Web application content integrity
  • Configurable back-end encryption
  • Support for client-side certificates
  • XML data protection:
  • XML security: protects against XML denial of service (xDoS), XML SQL and
  • Xpath injection and cross site scripting.
  • XML message and schema validation, format checks, WS-I basic profile compliance, XML attachments check
  • URL transformation

CWAAP mitigates DDoS attacks from layer 3 through layer 7

Network Layer Attacks:

  • AKA - Layer3/Layer4 attacks
  • High volume of bits/sec
  • High volume of packets/sec
  • Burst attacks
  • Carpet bomb attacks

Common attacks: UDP floods:

  • SYN floods
  • NTP Amplification
  • SSDP Amplification
  • DNS Amplification
  • Chargen Amplification
  • SNMP Amplification
  • Memcached Amplification

Application Layer Attacks:

  • AKA - Layer 7 Attacks
  • These attacks are typically more complex to generate and more complex to block
  • Not necessarily high bandwidth
  • GET floods, POST floods
  • Slow and Low
  • Session exhaustion
  • CPU/Memory exhaustion
  • Stealth
  • Require more SOC analysis

Understanding NetScaler Web Application and API Protection and its features

CWAAP portal is a cloud-based analytics solution that enables you to monitor and troubleshoot security incidents. The solution provides personalized experience, greater automation, and real-time analytics that you can quickly act upon. Following are the features available on the CWAAP portal:

  • Displays network sources and attacked protocols in an easy, informative way
  • Shows real-time and historical information about security attacks.
  • Empowers you to route and scrub traffic without any cumbersome interaction.
  • Enables automated mitigation of traffic attacks.
  • Provides insights for traffic statistics, including top talkers and top routes
  • Shows D&A Alerts information including attacked origin server IP, type of attack, and traffic type.

CWAAP features are available under four categories, basic operations, system configuration, analytics, and events.

Basic operations. You can access CWAAP either using the API or GUI. Once you log on to the portal, you can access the Account Information module on the left pane to set up user accounts, manage existing accounts, manage user notifications. For more information, see CWAAP Basic Operation topic.

System configuration. You can access the Configuration module on the left pane for system configurations such WAF policies, network assets, and associate SSL certificates. For more information, see CWAAP System Configuration topic.

Analytics. The Analytics module enables you to monitor data related traffic scrubbed, traffic routed, traffic violations, and asset configuration. For more information, see CWAAP Analytics topic.

Events. Displays events triggered when CWAAP detects security attacks. When using different event logs generated by hosts, devices, applications, and databases, network traffic and its vulnerabilities, the CWAAP capability provides deep visibility and analytics to address the most demanding security requirements. For more information, see CWAAP Events topic.

For a quick demo, see NetScaler Web Application and API Protection demo.

Get started with CWAAP