Web Application Security with IAM, WAAP and MFA

Protect web applications and APIs with Web Application Security

Web applications and APIs are points of access to company data and applications. Customers and employees can access information quickly and easily at any time from anywhere. Cybercriminals also use these gateways. Around 60% of all successful cyberattacks are the result of insufficiently protected web applications.

Strengthen your web application security with WAAP

Use our Web Application Security to protect your company data from unauthorised access via web applications and keep your IT infrastructure secure when opening up the web environment to external ecosystems and cross-system digitisation projects. Central Web Application and API Protection (WAF) and strong Identity and Access Management (IAM) effectively protect web applications from attack and unauthorised access. We offer protection from known OWASP risks and use anomaly detection and QoS to improve the security and availability of your web-based IT services.

Are you looking for an experienced WAAP security provider?

Our service is based on solutions from leading providers of web application firewall (WAF) and IAM solutions. It protects your users, applications and data from identity theft and other online attacks. While the web application firewall (WAF) and IAM verify and allow authorised access attempts, the additional modules detect and block bot attacks, unauthorised API access attempts and other anomalies.


Identity federation is used if reconciliation is required across system boundaries to enable the anonymisation of individual information. This also enables a secure reconciliation of identity and authentication information between different organisations’ IT infrastructures.


In addition to meeting the most demanding compliance requirements, the solution is highly scalable, permitting short time-to-market cycles. The simple, intuitive processes also add significant value for your users. The high usability of our central security infrastructure ensures positive customer experiences, inspires trust and creates positive associations with your brand, bringing you closer to your customers.

Your benefits

Requirements-based performance models (SaaS, dedicated servers)

Data storage and operation exclusively in Switzerland (ISO 27001)

Many years of expertise with a broad range of services and scalability

When is it the right solution?

Are you looking for a centrally controllable, highly available and secure solution to protect your ecosystem, including web applications and mobile solutions? Do you want your web application and API protection (WAAP) provider to offer a wide range of additional, modular cyberdefence solutions, such as Threat Detection & Response (TDR) or Secure Operations Center (SOC)?

Web Application Security from Swisscom gives you a cost-efficient, standardised solution that can be individually adapted to your requirements. Different models are available for operation.

What’s in it for you:

  • State-of-the-art solution for Web application security
  • WAAP, customer IAM, API interfaces and MFA
  • Operation in the cloud, on VM or in container environment

Swiss mobile telecommunications partnership

Why Swisscom?

  • Market leader: Switzerland’s largest competence centre for Ergon Informatik’s Airlock
  • Field-tested: many years of expertise in industries with the highest security requirements
  • Needs-based: comprehensive, flexible services with varying scope

Get started with Web Application Security

The first step

Let us introduce you to the world of Web Application Security and support and guide you with our expertise.


Web Application Security factsheet

  • “Swisscom is a highly experienced Airlock partner.”

    Roman Hugelshofer, Ergon Informatik AG
    Managing Director Application Security

    Portrait Stefan Tschumi

Web Application Security

Managed Security Services

Firewall, WAAP and IAM

  • Web application firewall (WAF) and API protection plus a flexible IAM solution
  • Advanced protection against OWASP’s Top 10 security risks based on real-time threat data
  • Modular structure with encapsulated functions and add-ons such as single-sign-on (SSO) and geofencing
  • ISO 27001-certified, Switzerland-based data centres with data storage also in Switzerland
Maximum scalability thanks to managed service solution (SaaS) for WAF and IAM.

Dedicated environment

Highly secure and powerful


Expert advice on web application protection, APIs and access control

Multi-factor authentication (MFA)

Maximum authentication security

Additional information

Core Banking Radar Image

Connectivity and open banking

Intelligent core banking systems are open to external innovations and increasingly rely on digital ecosystems.


Advanced Persistent Threats (APT)

Fraud prevention in banking

Our platinum partnership

Ergon Informatik AG

Intelligent core banking systems are open to innovations from the outside and increasingly rely on digital ecosystems.

Secure corporate payment transactions

Drawing on many years of industry experience and in-depth expertise, we are an Airlock Platinum integration partner.

Swisscom partners

Do you have any questions regarding Web Application Security? Get in touch.