ContractShield
Intelligent Web Application Firewall that protects APIs in real time against OWASP Top 10 attacks, injection attempts, and SSRF.
Features
Properties
- Lightweight
Features
- No Tracking
- SQL Injection Protection
- Web Application Firewall
Tags
- ssrf-prevention
- owasp
- rate-limiting
- api-security
- Web Application Security
- middleware
- Cybersecurity
- api-protection
ContractShield News & Activities
Recent activities
- ContractShield added ContractShield as alternative to Imperva Bot Management and Prophaze Cloud WAF
ContractShield information
What is ContractShield?
ContractShield is a Web Application Firewall (WAF) designed to protect web applications and APIs in real time. It defends against OWASP Top 10 attacks, including SQL injection, cross-site scripting (XSS), command injection, prototype pollution, SSRF (Server-Side Request Forgery), and path traversal attempts.
ContractShield provides endpoint-specific validation rules, configurable rate limiting, and request body inspection. It supports both monitor and block modes, allowing teams to observe threats before enforcing rules. Available as an npm package for Node.js/Express and a Python SDK for FastAPI/Django, it integrates directly into existing application code with minimal configuration through a simple YAML policy file.
Built in Switzerland, ContractShield is designed for SMBs and mid-market companies looking for enterprise-grade API protection without the complexity of traditional WAF solutions.

