Join the CTF competition for the Airlock Gateway now.

Airlock® protects more than 30,000 business-critical web applications and APIs from attacks and unwanted visitors worldwide. One of the components, called Airlock Gateway, serves as Web Application and API Protection (WAAP). It acts as a reverse proxy and blocks any malicious requests like cross-site-scripting (XSS) attacks. Through this bug bounty programme, the security features of Airlock Gateway are put to the test.

This programme differs from others in the sense that it is set up like a capture-the-flag (CTF) competition. The goal is to bypass the security features of Airlock Gateway. The implementation details of web applications and their related vulnerabilities are provided so that it would be trivial to exploit them without a web application firewall (WAF).

Below is an example of a XSS filter evasion attack.
Let’s assume a web application has an XSS vulnerability, where you can modify the INJECTION placeholder:

Hackers, who are able to execute the alert() function, will be rewarded with several hundred dollars for every unique idea on how to bypass the WAF filters.


Example attacks:

In these challenges, Airlock Gateway is placed in front of multiple web applications and APIs that contain known vulnerabilities, such as XSS vulnerabilities. The goal is to exploit these vulnerabilities despite the application protection, thereby ensuring that Airlock Gateway does not block all attacks.

The security filters of Airlock Gateway are configured in the same way as if they would be used in a normal production deployment – no paranoia mode.


What we are looking for:

The security of our customers’ systems has always been our top priority — and we need you to keep it at top level.


What you will get from us:


Key areas of focus include:


This is an invite-only programme for selected hackers. We are committed to working closely with qualified security researchers to ensure our products are meet the highest security standarts.

Join now!




Airlock® is a security innovation by Ergon Informatik AG