Application Protection

Sqreen combines multiple types of protections together to provide the best to your applications.

Each protection can be fully reviewed and configured from your dashboard.

Runtime application self protection (RASP)

RASP uses the app's runtime context to automatically protect against critical vulnerabilities including zero-day attacks.

RASP prevents attackers from exploiting your application's potential vulnerabilities. Just before an attacker triggers a vulnerability, Sqreen blocks the related request. A detailed report guides you and your team through fixing the vulnerability. Learn more about how Sqreen works

The Sqreen RASP covers the following vulnerabilities:

  • SQL injection.
  • NoSQL injection.
  • Local file inclusion (also known as path traversal).
  • Shell injection.
  • Shellshock.
  • Reflected XSS.

Frequent releases add more vulnerability protections and technology support. Sqreen automatically fingerprints your application and applies the matching protections.


RASP inspects your application's traffic in real-time. RASP can induce a minimal performance impact on the application. On average we see an overhead of less than 5%.

You can set advanced performance thresholds for sensitive parts of your applications.


Data privacy is one of our primary focuses at Sqreen.

Should a vulnerability trigger in your application's code, the Sqreen agent scrubs all Personally Identifiable Information (PII).

In-app WAF

Web Application Firewall analyzing HTTP requests provides a first line of defense easy to start with.

WAF can detect attackers early on and slow down their attempts. It also provides first mitigations against zero-day vulnerabilities.

Enabling a WAF also enables you to fulfill some compliance requirements.

When combined with RASP, the application can leverage from the best of both worlds.

Sqreen in-app WAF can scale with your application and match the right rules automatically for your stack.

No matter how you deploy your applications - Kubernetes, PaaS like Heroku or bare metal - the Sqreen In-app WAF always lives in the application.

The In-app WAF comes with the following rule sets:

  • Web Security scanners
  • Application fingerprinting
  • SQL injection
  • Cross-site scripting

Security headers

Modern browsers come with a lot of built-in security, preventing some vulnerabilities like Cross-Site Scripting to happen on the client-side.

Those security mechanisms materialize as security headers, set on the server-side, based on the activity the application performs (using iFrame, rendering templates, etc).

Sqreen enables you to configure the following security headers right from your dashboard, without requiring you to change a single line of code:

  • X-Frame-Options, to protect against click-jacking.
  • X-Content-Type-Options, to protect against MIME sniffing.
  • X-XSS-Protection, to prevent some reflected XSS to execute.
  • Referrer-policy, to prevent referrer leakage.

Content security policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and injection attacks.

Sqreen's approach to CSP enables you to monitor violations and build your policy interactively, step by step. When you're confident, you can enforce it from the dashboard.