Osto provides the Web App & API Protection Module, designed to safeguard web applications and APIs from a wide range of attack vectors and security exploits. This module delivers essential protection by examining and controlling HTTP/HTTPS traffic between applications and the internet, defending against threats such as DDoS attacks, malicious bots, and OWASP-identified vulnerabilities.Documentation Index
Fetch the complete documentation index at: https://docs.osto.one/llms.txt
Use this file to discover all available pages before exploring further.
SSL Certificate Management
Osto provides a free SSL certificate for encrypting traffic between users and the Osto service. Your original SSL certificate remains on your server unchanged, maintaining encryption between Osto and your backend. This creates dual-layer encryption — users connect securely to Osto, and Osto connects securely to your server. The setup requires no changes to your existing SSL configuration while providing automatic certificate management for the public-facing connection. All traffic remains encrypted end-to-end through both certificate layers.
Attack Detection and Security Flow
All incoming HTTPS requests first go through Attack Detection, which checks all the essential protocols. Valid requests with no suspicious patterns are forwarded to your origin server. Invalid or suspicious requests are blocked and rejected. Requests that pass initial checks but contain potential threats go through advanced Security Checks for DDoS protection, bot mitigation, and OWASP Top 10 vulnerability detection. When malicious patterns like SQL injection are detected, the request is blocked before reaching your server, ensuring only clean traffic gets through.
API Protection
API Protection ensures only legitimate traffic reaches your origin servers. Each HTTP/S request is subjected to advanced security checks. Valid requests are allowed after passing all validations, while malicious ones — such as SQL injection or other pattern-based attacks — are blocked. The system includes high-level monitoring of application/json APIs to detect anomalies, abuse, or misuse in real time. This layered defense protects APIs, ensures reliability, and prevents backend compromise.
AI Web Vulnerability Scanning
Osto’s AI-powered web scanner automatically analyzes your website security and provides a comprehensive security score to assess your overall protection level. The intelligent system scans all your domains using machine learning algorithms to categorize discovered vulnerabilities by severity and help you prioritize critical fixes first. It identifies the most frequently targeted areas of your website and generates detailed reports showing exactly where vulnerabilities exist. The AI scanner runs on configurable schedules and provides specific remediation guidance for each discovered issue.
How Requests Are Processed
The Osto Web App & API Protection Module operates as a high-performance reverse-proxy in front of your applications. Every incoming request flows through Osto’s protection engine, which applies security rules and filters malicious traffic. Clean requests are forwarded to your origin servers; malicious requests are blocked at the protection layer before they ever reach you.
