Home/ Products/ StenaGuard
WAF · Security · Proprietary IP Active

StenaGuard
WAF

WebconstructGlobal's proprietary Web Application Firewall. Engineered from the ground up for the threat landscape facing South African enterprises — L3 to L7 coverage, a custom rule DSL, bot detection, DDoS mitigation, and a real-time attack telemetry console.

TypeProprietary IP · Internal + client deployments
Latency<2ms added per request
CoverageL3–L7 · OWASP Top 10 · Custom rules
StenaGuard — Threat Console Live
1,482Blocked today
99.97%Uptime
3Active alerts
1.3msAvg latency
Live Threat Feed
HIGH SQLi Attempt 41.204.167.x · ZA Rule: SQLI-001 BLOCKED
MED XSS Payload 196.25.89.x · ZA Rule: XSS-004 BLOCKED
HIGH Auth Brute Force 93.184.x.x · RU Rule: RATELIM-AUTH BLOCKED
LOW Bot Scan 104.21.x.x · US Rule: BOT-CRAWL CHALLENGED
MED Path Traversal 92.118.x.x · NL Rule: PATH-TRAV-002 BLOCKED
Rule engine v2.4.13 custom rules active
Threat Engine

Full-spectrum protection.
L3 to L7.

StenaGuard sits inline on every request — inspecting, scoring, and acting in under 2ms. Detection logic covers the OWASP Top 10, protocol anomalies, bot fingerprinting, rate-based DDoS patterns, and credential-stuffing signatures. Everything configurable per tenant, per route, per method.

  • OWASP Top 10 — SQLi, XSS, Path Traversal, SSRF, XXE
  • L3/L4 DDoS detection and rate-limit response
  • Bot fingerprinting and challenge (CAPTCHA / JS proof)
  • Credential stuffing detection via velocity analysis
  • IP reputation scoring with SA-specific threat intelligence
  • TLS 1.3 enforcement · Certificate transparency monitoring
Protection Layer Stack
L3 · Network IP reputation · DDoS volume thresholds Active
L4 · Transport TCP flood · SYN rate limiting Active
L6/L7 · Application OWASP · Bot detection · Auth abuse Active
Custom Rule DSL Client-defined rules · Regex + logic 3 rules live
Custom Rule DSL — Example Rules
RULE block-za-fraud-ips
IF ip.reputation_score > 80
AND geo.country = "ZA"
AND request.path MATCHES "/api/payments/*"
THEN BLOCK LOG
RULE rate-limit-login
IF request.path = "/auth/login"
AND ip.requests_per_min > 12
THEN RATELIMIT 429 LOG
Deployed to 4 tenantsValidated · No conflicts
Custom Rule DSL

Rules in plain
security logic.

StenaGuard ships with a proprietary rule DSL that lets security engineers express complex conditions in readable syntax — without touching code. Rules compile to an optimised internal representation evaluated per-request with zero regex backtracking penalties. Tenant isolation ensures rules from one client never affect another.

  • Human-readable DSL — IF/AND/OR/THEN/ELSE logic
  • IP, Geo, Header, Body, Path, Method predicates
  • Actions: BLOCK · ALLOW · CHALLENGE · RATELIMIT · LOG
  • Rule validation before deployment — no silent failures
  • Tenant-scoped rule namespacing
Get Started

The organizations that decide faster
win permanently.

Request access to WebconstructGlobal. Our team will design a deployment plan tailored to your operational environment — and have you live within a week.

No commitment required. Typically responded to within one business day.