Bulwark Docs
Ask or search…


Explore our guides and tutorials to get started quickly!

This is a beta test.

Bulwark is being released in an early public beta test state. It is not yet ready for production usage, but you can experiment with it and see the Roadmap to understand where the project is headed.

What is Bulwark?

Bulwark is a fast, modern, open-source web application security engine that makes it easier than ever to implement resilient and observable security operations for your web services. It is designed around a user-friendly detection-as-code pattern. Security teams can quickly compose powerful detections from reusable building-blocks while unburdening product application logic from the increased complexity of domain-specific controls.


With Bulwark, every detection is written in a general-purpose programming language and executed within a secure sandbox. Detections are expressive and can be customized to meet domain-specific needs. They can be tested, their behavior verified, and then easily combined to form comprehensive detection suites.
Detections can be checked into source-control and versioned like any other codebase. This makes reviewing changes straightforward and can help organizations meet their compliance obligations.

Security Detections

Bulwark is designed to address a wide range of security challenges. Detections may target unwanted scans, exploits, credential stuffing, password spraying, brute-forcing, session hijacking, and many other security use-cases. Bulwark's APIs enable a wide range of capabilities while giving plugin authors all of the tools needed to ensure decision results are accurate.

Anti-Fraud Detections

In addition to security, Bulwark can host anti-fraud functionality. Bulwark's API provides mechanisms that enable detections to operate on information that would normally only be accessible to application logic. Bulwark plugins can read encrypted cookies, make calls to internal authentication and authorization services, and even interact with third-party APIs, if granted the appropriate permissions. Permission grants provide a transparent account of exactly what plugins may do while the sandbox ensures they do not exceed their authority.
These ingredients make Bulwark very effective for hosting anti-fraud and business logic security functions. Because Bulwark can be deployed at a network ingress, interior services can be protected from high-volume fraud activity that might otherwise overwhelm anti-fraud systems embedded within an application itself.
Last modified 1mo ago