> ## Documentation Index
> Fetch the complete documentation index at: https://docs.osto.one/llms.txt
> Use this file to discover all available pages before exploring further.

# What is Web Application Protection

> How Osto's reverse-proxy protection model safeguards your web applications and APIs.

Osto provides the Web App & API Protection Module, designed to safeguard web applications and APIs from a wide range of attack vectors and security exploits. This module delivers essential protection by examining and controlling HTTP/HTTPS traffic between applications and the internet, defending against threats such as DDoS attacks, malicious bots, and OWASP-identified vulnerabilities.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-how-it-works.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=098e6658d98c3f7536c4c3796f48deb3" alt="How it works" width="1433" height="834" data-path="images/wap-how-it-works.png" />

Deploying the Osto Web App & API Protection Module in front of a web application creates a protective barrier between the application and internet traffic. Unlike a standard proxy server that simply masks client identity, the Osto module functions as a reverse-proxy system, shielding servers from direct exposure by requiring all client requests to pass through it before reaching the application.

## SSL Certificate Management

Osto provides a free SSL certificate for encrypting traffic between users and the Osto service. Your original SSL certificate remains on your server unchanged, maintaining encryption between Osto and your backend. This creates dual-layer encryption — users connect securely to Osto, and Osto connects securely to your server.

The setup requires no changes to your existing SSL configuration while providing automatic certificate management for the public-facing connection. All traffic remains encrypted end-to-end through both certificate layers.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-ssl.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=0920c84244da04902556571ca49875c8" alt="SSL dual-layer encryption diagram" width="868" height="226" data-path="images/wap-ssl.png" />

## Attack Detection and Security Flow

All incoming HTTPS requests first go through Attack Detection, which checks all the essential protocols. Valid requests with no suspicious patterns are forwarded to your origin server. Invalid or suspicious requests are blocked and rejected.

Requests that pass initial checks but contain potential threats go through advanced Security Checks for DDoS protection, bot mitigation, and OWASP Top 10 vulnerability detection. When malicious patterns like SQL injection are detected, the request is blocked before reaching your server, ensuring only clean traffic gets through.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-attack-detection.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=12c3c46a55ed0ff97c3044acfd57e56d" alt="Attack Detection and Security Flow" width="1496" height="462" data-path="images/wap-attack-detection.png" />

## API Protection

API Protection ensures only legitimate traffic reaches your origin servers. Each HTTP/S request is subjected to advanced security checks. Valid requests are allowed after passing all validations, while malicious ones — such as SQL injection or other pattern-based attacks — are blocked.

The system includes high-level monitoring of application/json APIs to detect anomalies, abuse, or misuse in real time. This layered defense protects APIs, ensures reliability, and prevents backend compromise.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-api-protection.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=5bafc9b1b531bda3a1fc4e140f26fba0" alt="API Protection" width="1494" height="338" data-path="images/wap-api-protection.png" />

## AI Web Vulnerability Scanning

Osto's AI-powered web scanner automatically analyzes your website security and provides a comprehensive security score to assess your overall protection level. The intelligent system scans all your domains using machine learning algorithms to categorize discovered vulnerabilities by severity and help you prioritize critical fixes first.

It identifies the most frequently targeted areas of your website and generates detailed reports showing exactly where vulnerabilities exist. The AI scanner runs on configurable schedules and provides specific remediation guidance for each discovered issue.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-ai-scanning.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=a9c4125b11575e2a601fe3669ddea744" alt="AI Web Vulnerability Scanning" width="1507" height="876" data-path="images/wap-ai-scanning.png" />

## How Requests Are Processed

The Osto Web App & API Protection Module operates as a high-performance reverse-proxy in front of your applications. Every incoming request flows through Osto's protection engine, which applies security rules and filters malicious traffic. Clean requests are forwarded to your origin servers; malicious requests are blocked at the protection layer before they ever reach you.

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-request-processing-1.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=2a44a267f8c69618a9b7511a282962a7" alt="Request processing architecture" width="810" height="390" data-path="images/wap-request-processing-1.png" />

<img src="https://mintcdn.com/osto/AH9LQ2o2aScfdFt0/images/wap-request-processing-2.png?fit=max&auto=format&n=AH9LQ2o2aScfdFt0&q=85&s=df7da6851e999810e67edbc2dded22b4" alt="Request processing flow detail" width="1184" height="530" data-path="images/wap-request-processing-2.png" />

## Learn More

To discover what other security solutions Osto provides, contact us at [connect@osto.one](mailto:connect@osto.one).
