Web Application Shielding

Owned and operated by cybersecurity researchers and penetration testing professionals

Challenging the status quo of secure software and code remediation through a combination of application shielding and expert security services.

How we shield:

- Industry-leading, upstream security solutions (WAF/CDN)
- Proprietary shield library
- All managed via expert security services

What we shield:

- Websites and web applications
- Public and private APIs
- Portals, intranets, and extranets

Why we shield:

- Compliance (PCI, HIPAA)
- Failed pen tests
- Framework flaws
- Business logic flaws
- Bug bounties

How RedShield Works

Service Related

Understanding Known Issues
Loading test results and verifying findings. Documenting and organizing all known issues.

Build an Advanced Shielding Plan
Identify relevant existing shields and define additional shields to be developed.

Develop Advanced Shield Objects
Develop and test level 1-5 complexity application-specific shield objects.

Ongoing Research & Incident Prevention Reporting
Scanning, monitoring, deploying and reporting any relevant threat

Application Related

Test Base Policy
Automated deployment of proprietary base policy shields, scanning, and custom configuration of WAF, DDoS & SIEM

Reroute Traffic
DNS updates and all web application traffic routed through RedShield proxy

Deploy Advanced Shields
Address known vulnerabilities and business logic flaws

Application Scanning
100% vulnerability mitigation becomes a reality

Shielding never sleeps.

The RedShield library expands continuously, capturing the latest advanced exploit techniques and deploying new shields, making the pursuit of 100% vulnerability mitigation possible.

Know that you're shielded.

RedShield expert services continually monitor attacks and optimize shields based on your specific vulnerabilities. Our reporting details specific attacks aimed at your specific vulnerabilities and how those vulnerabilities were shielded. RedShield stands alone in our ability to report on relevant threat and vulnerability exploit prevention.

Case Studies

Learn more about how RedShield works through this comprehensive collection of case studies.

An Alternative to Application Redevelopment

A large, national health insurance provider conducted a routine penetration test on a critical web application, uncovering a critical flaw.

SharePoint Security Controls Inadvertently Blocking Legitimate Traffic

A large government agency using Microsoft SharePoint had been attempting to put important security controls in place for years.

API protection between financial institutions

A large insurance company was introducing a new application platform where their digital insurance products were to be white-labeled to partner bank websites.

Post breach protection of a financial portal

In the financial portfolio management business, the customer web portal is both critical to business continuity and customer experience and expensive to modify.

Response to a hacktivism political protest

After a public threat from a well-known hacktivist group, a prominent political party’s websites were subjected to sustained cyber attacks.

Protecting a hybrid cloud and on-premise deployment

A company wanted to move their ecommerce store workload to Amazon Web Services (AWS) but retain their customer care workloads in their own datacenters.

Specific design to address HIPAA requirements

As a cloud-based, client management software service provider serving the healthcare sector, storing and protecting Public Health Information (PHI) is an ongoing concern.

Security Patches unavailable for COTS software

As a power retailer maintaining millions of customer accounts, security of financial systems is central to the privacy of the customer and success of the business.

Harvesting of online offers

Online offers boost sales – no doubt. This company publishes online offers on specific dates and site visitors validate with email authentication to receive the offers.

At risk of losing PCI accreditation

As a payment transaction company processing millions of commercial transactions each day, maintaining the appropriate accreditation is a fundamental business requirement.

Deployment of a RedShield private node in the cloud

For large payment transaction providers, policy and regulatory requirements must be met while simultaneously optimizing cost.

Failed pen tests risking a key client’s tenure

An existing RedShield customer outsourced key operations functions to an online service provider.

Rapidly addressing 100s of issues post Boundary Review

For this mid-sized government department, approximately 100 browser-based applications process essential data for the organization.

Deferring a security related COTS software upgrade

When public sector entities merge, IT system harmony and cost reductions are the order of the day; especially when the public is listening.

Application not designed to be secure

A major logistics company had followed a tender process to commission a complete logistics management application to move its entire operation to the web.

Protecting Commercially Sensitive Information

A large financial services company that regularly publishes commercially sensitive indices was subject to extremely large legitimate traffic spikes that also contained malicious traffic.
