Forrester names Google a Leader in The Forrester Wave™: Infrastructure as a Service (IaaS) Platform Native Security Q2 2023. Access the report.
Jump to

Web App and API Protection (WAAP)

Protect your applications and APIs against threats and fraud, help ensure availability and compliance.

Try our new Security & Resilience Framework Discovery platform and get recommendations.


Proven protection for apps in the cloud, on-premises, or hybrid deployments

Protect against existing and emerging threats

Anti-DDoS, anti-bot, WAF, and API protection help you protect against new and existing threats while helping you keep your apps and APIs compliant and continuously available.

Simplify operations

Reduce the number of vendors you work with to protect your apps; leverage integrations with Google Cloud tools for consolidated management and visibility.

WAAP anywhere, for less

Get proven, comprehensive protection of applications and APIs from a single vendor while potentially saving 50%–70% over competing solutions.

Key features

Protect applications and APIs with a comprehensive solution

Get support and protection against modern internet threats with Cloud Armor, reCAPTCHA Enterprise, and Apigee—all from Google Cloud.

Cloud Armor

Protect your applications from DDoS attacks, filter incoming web requests by geo or a host of L7 parameters like request headers, cookies, or query strings with Cloud Armor. Cloud Armor is also a full-fledged web application firewall (WAF), and contains preconfigured rules from ModSecurity Core Rule Set to prevent against the most common web attacks and vulnerability exploit attempts.

reCAPTCHA Enterprise

Defend your website from fraudulent activity, spam, and abuse like scraping, credential stuffing, automated account creation, and exploits from automated bots. reCAPTCHA Enterprise uses an adaptive risk analysis engine to keep automated software from engaging in abusive activities on your site.


Build security into your APIs in minutes. Out-of-the-box policies enable developers to augment APIs with features to control traffic, enhance performance, and enforce security. Apigee provides for a positive security model understanding the structure of API requests so it can more accurately distinguish between valid and invalid traffic.

High-level Solution Architecture


Explore documentation for Web Application and API Protection

Use the assets below to learn more about how WAAP can help you protect your apps anywhere to address modern threats.

Meeting the challenges of securing modern web apps with WAAP

Modern web applications have introduced new security challenges. Read this ESG whitepaper to learn more about meeting and addressing those challenges.

Best Practice
Best practices for securing your apps and APIs using Apigee

Read more about the best practices that can help you to secure your applications and APIs using Apigee API management and other Google Cloud products.

What's new

What's new

Sign up for Google Cloud newsletters to receive product updates, event information, special offers, and more.