Web Application Shielding

Owned and operated by cybersecurity researchers and penetration testing professionals

Challenging the status quo of secure software and code remediation through a combination of application shielding and expert security services.

How we shield

How we shield:

- Industry-leading, upstream security solutions (WAF/CDN)
- Proprietary shield library
- All managed via expert security services

What we shield

What we shield:

- Websites and web applications
- Public and private APIs
- Portals, intranets, and extranets

Why we shield

Why we shield:

- Compliance (PCI, HIPAA)
- Failed pen tests
- Framework flaws
- Business logic flaws
- Bug bounties

How RedShield Works

Service Related

Understanding Known Issues
Loading test results and verify findings. Documenting and organizing all known issues.

Build an Advanced Shielding Plan
Identify relevant existing shields and define additional shields to be developed.

Develop Advanced Shield Objects
Develop and test level 1-5 complexity application-specific shield objects.

Ongoing Research & Incident
Prevention Reporting
Scanning, monitoring, deploying and reporting any relevant threat

Application Related

Test Base Policy
Automated deploy of proprietary base policy shields, scanning, and custom config of WAF, DDOS & SIEM

Reroute Traffic
DNS updates and all web application traffc routed through RedShield proxy

Deploy Advanced Shields
Address known vulnerabilities and business logic flaws

Application Scanning
100% vulnerability mitigation becomes a reality





Shielding never sleeps.

The RedShield library expands continuously capturing the latest advanced exploit techniques and deploying new shields making the pursuit of 100% vulnerability mitigation possible.

Know that you're shielded.

RedShield expert services continually monitor attacks and optimize shields based on your specific vulnerabilities. Our reporting details specific attacks aimed at your specific vulnerabilities and how those vulnerabilities were shielded. RedShield stands alone in our ability to report on relevant threat and vulnerability exploit prevention.


What it feels like to be Shielded

RedShield is a world first “cyber security as-a-service” offering that shields & protects web-apps. In a world of growing cyber-threat, high value apps are getting breached & attacked everyday, yet the nature of complex apps means they are often slow & expensive to update & fix. So how do you compete with nimble motivated hackers? With RedShield that’s how.

To understand RedShield put yourself in the shoes of one of our customers.

You're a CIO of a major corporate. You have 100 browser based applications that run the data in your organisation. Of these apps half of them are on the internet as your primary website, customer portal, partner portal, APIs for your mobile apps etc. The other half are internal only, but are still “web-apps” that process bookings, payments, HR, finance etc.

You’ve just had a full security audit performed & 80% of your apps have security flaws. But many of the apps are old, you don’t have the skilled staff on board to fix the problems, some were developed by 3rd parties so they have to fix the apps not you, & 10 of the apps were inherited from an acquisition 18 months ago & you don’t really know who even developed or owns them.

So now you have 80 apps that cannot be fixed tomorrow but are vulnerable to hackers today. Fortunately for you RedShield exists. For your internet facing apps you’ll updated your DNS (global address records) & tell the world that RedShield is your internet front-door & all of your traffic now comes through us. For your internal apps we’ll rapidly deploy a virtual RedShield private node inside your datacenter(s).

Next you’ll securely give us all of your failed penetration tests, audits & vulnerability scans.

Hours later 80% of your security flaws have vanished. Days later the next 10% of issues vanish. Weeks later all of your apps appear 100% secure against all of your issues. All without you touching a single line of code or updating any of your back-end apps. That’s what “getting shielded” feels like.

Then, without hiring a single extra FTE a global team of cyber-security experts are monitoring attacks on you, tuning shields, managing false positives and ensuring your once vulnerable apps are now being checked and shielded against new and emerging threats 24x7x365. That's what "staying shielded" feels like.


White Papers

Learn more about how RedShield works with the following white papers.

Web Application Security for GDPR

The General Data Protection Regulation attempts to protect consumer data. Learn how RedShield can help your web application.

Read More

Six Misconceptions about RedShield

CTO Sam Pickles debunks 6 common misconceptions about application shielding.

Read More

RedShield Web Scraping Defense

Learn how RedShield can help protect your web applications from ever evolving web scrapers.

Read More

RedShield Efficacy

Learn more about the efficacy of RedShield, including 3rd party attestation by Coalfire.

Read More

EQUIFAX Timeline Factsheet

The EQUIFAX breach of 2017 compromised the data of millions worldwide. Learn how the breach progressed.

Read More

Cloud Application Security

Learn more about the Amazon Web Services Shared Responsibility model.

Read More

Open Letter to Security Researchers

Read RedShield's open letter to security researchers.

Read More