Your product for Web application security

Airlock protects Web applications and Web services against attacks and provides sustainable, centrally monitored security. 200 customers in nine countries already protect over 5000 applications with Airlock.

Airlock is a Web application firewall (WAF) that offers a unique combination of defence mechanisms for Web applications. It has been developed to meet the security standards criteria of the payment card industry (PCI DSS), online banking security and the protection of e-commerce, and provides sustainable, easy to administrate and audit security for Web applications.

By using Airlock, companies are able to access the limitless opportunities the Internet provides, without compromising the security and availability of their Web applications and/or Web services. All access is controlled and filtered at all levels. At the same time Airlock enforces user authentication, facilitates single sign-on and offers SSL VPN access. Furthermore, important management information and performance data is easily available via the monitoring and reporting function.

As the leading Web application security solution on the market, Airlock offers the full spectrum of protection and optimisation solutions to cover the complete Web environment.

Central security functions:


Secure reverse proxy server and Web application firewall
Protection and availability for Microsoft Exchange and SharePoint
Secure, flexible access control for Web applications
The 7 classic misconceptions about Web application security

OWASP Top Ten Web Application Security Risks 2013

The OWASP Top Ten is published every three years and provides a powerful tool for raising awareness of web application security. The document below lists the ten most critical web application security risks, as identified by OWASP in their 2013 edition of OWASP Top Ten. The document also explains how Airlock addresses each of these risks to protect Web applications from these types of attacks.

Airlock and the OWASP Top Ten Web application security risks 2013

Payment card industry data security standard (PCI DSS)

Online-shop operators and companies who store, transfer or process credit card transactions are obliged to observe the credit card industry's data protection guidelines. Those who fail to comply with its twelve security requirements for computer networks risk fines, legal consequences and loss of reputation. E-commerce traders and Web application providers who process more than six million credit card transactions per annum must have their network security inspected by an external testing agency every three months. One of the requirements defined in the PCI DSS is the use of a WAF, such as Airlock.

Airlock is installed upstream of applications and provides the most efficient and cost-effective way of implementing the required security standards. Airlock offers state-of-the-art protection that eliminates the need for companies to constantly update or adapt their Web applications in response to new threats or vulnerabilities. It creates a secure Web application environment by terminating all connections and Web protocols (TCP/IP, SSL, HTTP, SOAP/XML, SSL VPN, etc.), authenticating users independently of the business logic, and filtering all requests and responses at multiple levels. It also offers a detailed monitoring and reporting function of the entire Web environment at all times.

suisseID Logo

Airlock and SuisseID

Airlock enables all Web applications to accept SuisseID for authentication, without requiring any adaptations or updates. Complex single-sign-on scenarios in existing systems can also easily be realised.