Web Services Firewall


Easy. Effective. Cost Effective.

DenyAll Web Services Firewall is a standalone product which can also be deployed as an extension of DenyAll Web Application Firewall. It leverages the administration versatility of the platform to provide security for IT process relying on XML/SOAP traffic and APIs. Use it to route and optimize Web services, ensure machine-to-machine communications within your IT and with partners are not the subject of denial of service and intrusion attacks.


Discover why relying on DenyAll WSF is the right decision for you

Administration productivity

Because you need your admins and developers to collaborate and release code fast without losing time on repetitive tasks.

Efficient Security

Because you need to actually block attacks targeting your Web Services and can’t afford false positive to be generated.

Application Security Innovation

Because you know old recipes don’t work and want to take advantage of innovative approaches in application security

Virtual patching

Because you need to discover those unprotected, vulnerable web services members and make sure they are covered too.

Ubiquitous Security

Because you need to protect all web services members, including those outside of your direct control.

NextGen Application Security

Because protecting your IT requires an integrated solution, combining scanning, web application/services security and user access.


With DenyAll Web Services Firewall, optimize the performance and security of your Web Services

Workflow Engine

Optimizing XML traffic and configuring Web Services security is as simple as dropping boxes and dragging arrows. Making complex data flows and policy understandable by people not familiar with that.


Automate basic administrative tasks, including initial setup and policy configuration, on-going monitoring and reporting activities.

WS Security

XML parsing and scheme validation for DTD, WSDL, XSD, WADL. REST profiling and security using JSON or XML formats. Extensive xPath injection protection filters.

API Gateway

Ability to encrypt and decrypt parts of the content. SAML authentication integration as a Service Provider. Can also act as the Identity Provider (IDP) at the same time, or be integrated with any other IDP.

Services Learning

Check all incoming namespaces, nodes, types and all possible values to understand how the web service actually works.

Log Replay

Use WSF logs to simulate the data running through a new version of the security policy, before validating it, making sure legal requests are not blocked. Or understand what happened, after the fact.

Virtual Patching

Use DenyAll Vulnerability Manager to verify the efficiency of your security policy. DenyAll WSF can read the scan report and suggest configuration changes, thus virtually patching vulnerabilities.


DenyAll WAF adds the ability to secure http/https traffic. DenyAll WAM handles Web SSO for users, beyond the various authentication methods already supported (client certificates, SAML, Radius, LDAP, etc).

Contact us to find out more

To arrange a demo or consultation get in touch and we will have the right person respond as soon as possible.

Contact us