Web Application Shielding

Owned and operated by cybersecurity researchers and penetration testing professionals

Challenging the status quo of secure software and code remediation through a combination of application shielding and expert security services.

How we shield

How we shield:

- Industry-leading, upstream security solutions (WAF/CDN)
- Proprietary shield library
- All managed via expert security services

What we shield

What we shield:

- Websites and web applications
- Public and private APIs
- Portals, intranets, and extranets

Why we shield

Why we shield:

- Compliance (PCI, HIPAA)
- Failed pen tests
- Framework flaws
- Business logic flaws
- Bug bounties

How RedShield Works

Service Related

Understanding Known Issues
Loading test results and verify findings. Documenting and organizing all known issues.

Build an Advanced Shielding Plan
Identify relevant existing shields and define additional shields to be developed.

Develop Advanced Shield Objects
Develop and test level 1-5 complexity application-specific shield objects.

Ongoing Research & Incident
Prevention Reporting
Scanning, monitoring, deploying and reporting any relevant threat

Application Related

Test Base Policy
Automated deploy of proprietary base policy shields, scanning, and custom config of WAF, DDOS & SIEM

Reroute Traffic
DNS updates and all web application traffc routed through RedShield proxy

Deploy Advanced Shields
Address known vulnerabilities and business logic flaws

Application Scanning
100% vulnerability mitigation becomes a reality

Shielding never sleeps.

The RedShield library expands continuously capturing the latest advanced exploit techniques and deploying new shields making the pursuit of 100% vulnerability mitigation possible.

Know that you're shielded.

RedShield expert services continually monitor attacks and optimize shields based on your specific vulnerabilities. Our reporting details specific attacks aimed at your specific vulnerabilities and how those vulnerabilities were shielded. RedShield stands alone in our ability to report on relevant threat and vulnerability exploit prevention.

What it feels like to be Shielded

RedShield is a world first “cyber security as-a-service” offering that shields & protects web-apps. In a world of growing cyber-threat, high value apps are getting breached & attacked everyday, yet the nature of complex apps means they are often slow & expensive to update & fix. So how do you compete with nimble motivated hackers? With RedShield that’s how.

To understand RedShield put yourself in the shoes of one of our customers.

You're a CIO of a major corporate. You have 100 browser based applications that run the data in your organisation. Of these apps half of them are on the internet as your primary website, customer portal, partner portal, APIs for your mobile apps etc. The other half are internal only, but are still “web-apps” that process bookings, payments, HR, finance etc.

You’ve just had a full security audit performed & 80% of your apps have security flaws. But many of the apps are old, you don’t have the skilled staff on board to fix the problems, some were developed by 3rd parties so they have to fix the apps not you, & 10 of the apps were inherited from an acquisition 18 months ago & you don’t really know who even developed or owns them.

So now you have 80 apps that cannot be fixed tomorrow but are vulnerable to hackers today. Fortunately for you RedShield exists. For your internet facing apps you’ll updated your DNS (global address records) & tell the world that RedShield is your internet front-door & all of your traffic now comes through us. For your internal apps we’ll rapidly deploy a virtual RedShield private node inside your datacenter(s).

Next you’ll securely give us all of your failed penetration tests, audits & vulnerability scans.

Hours later 80% of your security flaws have vanished. Days later the next 10% of issues vanish. Weeks later all of your apps appear 100% secure against all of your issues. All without you touching a single line of code or updating any of your back-end apps. That’s what “getting shielded” feels like.

Then, without hiring a single extra FTE a global team of cyber-security experts are monitoring attacks on you, tuning shields, managing false positives and ensuring your once vulnerable apps are now being checked and shielded against new and emerging threats 24x7x365. That's what "staying shielded" feels like.

Case Studies

Learn more about how RedShield works through this comprehensive collection of case studies.

An Alternative to Application Redevelopment

A large, national health insurance provider conducted a routine penetration test on a critical web application uncovering a critical flaw.

Read More

Sharepoint Security Controls Inadvertently Blocking Legitimate Traffic

A large government agency using Microsoft SharePoint had been attempting to put important security controls in place for years.

Read More

API protection between financial institutions

A large insurance company was introducing a new application platform where their digital insurance products were to be white-labeled to partner bank websites.

Read More

Post breach protection of a financial portal

In the financial portfolio management business, the customer web portal is both critical to business continuity and customer experience and expensive to modify.

Read More

Response to a hacktivism political protest

After a public threat from a well-known hacktivist group, a prominent political party’s websites were subjected to sustained cyber attacks.

Read More

Protecting a hybrid cloud and on-premise deployment

A company wanted to move their ecommerce store workload to Amazon Web Services (AWS) but retain their customer care workloads in their own datacenters.

Read More

Specific design to address HIPAA requirements

As a cloud-based, client management software service provider serving the healthcare sector, storing and protecting Public Health Information (PHI) is an ongoing concern.

Read More

Security Patches unavailable for COTS software

As a power retailer maintaining millions of customer accounts, security of financial systems is central to the privacy of the customer and success of the business.

Read More

Harvesting of online offers

Online offers boost sales – no doubt. This company publishes online offers on specific dates and site visitors validate with email authentication to receive the offers.

Read More

At risk of losing PCI accreditation

As a payment transaction company processing millions of commercial transactions each day, maintaining the appropriate accreditation is a fundamental business requirement.

Read More

Deployment of a RedShield private node in the cloud

For large payment transaction providers, policy and regulatory requirements must be met while simultaneously optimizing cost.

Read More

Failed pen tests risking a key client’s tenure

An existing RedShield customer outsourced key operations functions to an online service provider.

Read More

Rapidly addressing 100s of issues post Boundary Review

For this mid-sized government department, approximately 100 browser-based applications run process essential data for the organization.

Read More

Deferring a security related COTS software upgrade

When public sector entities merge, IT system harmony and cost reductions are the order of the day; especially when the public is listening.

Read More

Application not designed to be secure

A major logistics company had followed a tender process to commission a complete logistics management application to move its entire operation to the web.

Read More

Protecting Commercially Sensitive Information

A large financial services company that regularly publishes commercially sensitive indicies was subject to extremely large legitimate traffic spikes that also contained malicious traffic.

Read More

Customer Portal Offline

A large organisation's customer portal has been exposed as insecure. RedShield provides a rapid solution to get it secure and back online.

Read More

Retail Chain Requiring Expert Vulnerability Management

Retail chain facing security threats over an extensive perimiter turns to RedShield to provide the solution.

Read More

White Papers

Learn more about how RedShield works with the following white papers.

Web Application Security for GDPR

The General Data Protection Regulation attempts to protect consumer data. Learn how RedShield can help your web application.

Read More

Six Misconceptions about RedShield

CTO Sam Pickles debunks 6 common misconceptions about application shielding.

Read More

RedShield Web Scraping Defense

Learn how RedShield can help protect your web applications from ever evolving web scrapers.

Read More

RedShield Efficacy

Learn more about the efficacy of RedShield, including 3rd party attestation by Coalfire.

Read More

EQUIFAX Timeline Factsheet

The EQUIFAX breach of 2017 compromised the data of millions worldwide. Learn how the breach progressed.

Read More

Cloud Application Security

Learn more about the Amazon Web Services Shared Responsibility model.

Read More

Open Letter to Security Researchers

Read RedShield's open letter to security researchers.

Read More