Dual Web Application and API Protection (WAAP)

Test rule updates in production without risk or performance impact with Dual WAAP.


Learn About Edgio’s Security Solutions


Why Edgio Security

Control, Secure, And Monitor Your Application

Modern edge security combined with Edgio’s unique dual WAAP configuration, provides true defense-in-depth against a wide range of threats targeting web applications and APIs. Edgio is proud to provide holistic Web Application and API Protection, delivered from the edge in one single console, simplifying security for all of our customers


Our unique Dual WAAP/WAF allows for faster threat containment with lower effort by your teams.

Managed Security Services​

Our team brings proven expertise for comprehensive security and peace of mind. Click here to learn more

Advanced Bot Protection

Our advanced bot management platform offers unparalleled defense against evolving bot threats. Click to learn more.


Safeguarding your domain from cyber threats by adding a layer of cryptographic security to DNS lookup processes.

DDoS Protection

Harness AI-driven DDoS protection to proactively identify and neutralize emerging cyber threats at the edge. Click here to learn more.

Origin Shield

Enhances content delivery speeds, providing a seamless user experience even during high traffic spikes.

How We Help?

Boosts Security Without Sacrificing Performance

As DevSecOps teams strive to deliver new application features faster, they also face many challenges. Too often, the challenges are around security. With increasing vulnerability backlogs and new CVE’s being discovered at a faster higher rate each year (~5.5% increase YoY in 2023), many teams struggle to balance feature time to market with security risk.


To address this challenge, Edgio developed its unique Dual Web Application and API Protection (WAAP) capability, which allows teams to test security rules, in production, without the risk of impacting legitimate request traffic. This ability to test rules in a risk-free manner gives teams peace of mind, knowing they are deploying rules faster and more accurately than ever before.

How Dual WAAP works

Edgio Dual WAAP is essentially a separate “audit” WAAP, deployed inline and in front of a production WAAP (a WAAP in blocking mode), analyzing rule behavior against all application traffic without taking any mitigating actions.


After deploying a rule in Dual WAAP mode, DevSecOps teams can analyze the impact it would have against production traffic, without actually impacting that traffic. Teams can easily visualize the potential impact of a rule in Edgio’s Security Dashboard, or in their existing SIEM solutions. Once they are satisfied that a rule is working as intended, they can easily promote it to production (in under 60 seconds), shutting the door on any malicious attackers seeking to exploit the underlying vulnerability.


However, performance cannot be overlooked when it comes to web security. To address this ever-present concern, Edgio built its WAAP decision engine to meet the highest performance standards expected by our customers. We did this via our homegrown waflz engine, specifically designed to scale in a high-performance multi-tenant environment, with highly tuned rules combined in an efficient order of operations, reducing decision processing time down to milliseconds.
Additionally, Edgio’s entire security stack, including WAAP, is deployed across every one of our 300+ global edge locations, so no extra request routing needs to occur when evaluating request legitimacy.


The Benefits of Dual WAAP

The greatest benefit of Dual WAAP is faster threat containment with lower effort. With critical zero-day vulnerabilities affecting web applications components (both proprietary and open-source) discovered more frequently, companies rely heavily on their WAAP solutions for their virtual patching capabilities. Virtual patching gives development teams time to fix underlying vulnerabilities (update code, update libraries, etc.) on a more controlled timeline – as opposed to all-hands on deck fire drills – lessoning the impact on feature release schedules and product roadmaps.

With Dual WAAP, AppSec teams gain the information they need to make decisions, sooner and with greater accuracy. In turn, they can shorten their entire OODA feedback loop.


Edgio Dual WAAP functionality allows customers to not only test rules typically associated with traditional WAF-type custom rules (custom signatures, regex, etc.) but also custom rules specifically tailored to protect API’s or mitigate malicious bots.


The Dual WAAP capability is a differentiator for our customers that, when combined with Edgio’s unique WAAP Rules, provides true defense-in-depth against a wide range of threats targeting web applications and APIs. Edgio is proud to provide holistic Web Application and API Protection, delivered from the edge in one single console, simplifying security for all of our customers.


Customer Success Stories

“With the addition of Edgio’s Security solutions, we now have greater visibility on potential vulnerabilities, fewer false positives, and the speed required to deploy new rules and address attempted attacks efficiently and effectively.”

“Edgio helped us unite technology, processes, and people. The results speak for themselves. Edgio delivered.”

“High-quality viewing experience is critically important to us. With Edgio, we were able to move from an on-prem solution to a fully cloud-based solution without losing any control.”​

“We moved from Akamai because Edgio offered substantially better tools, pricing, and support. The platform is extremely reliable and robust, and your support team is quick to respond and resolve any issue. Edgio is just a better experience all around.”​