01
⚡ Kernel Power · Linux OnlyeBPF / XDP Kernel-Level Blocking
Shibuya drops an XDP hook directly in the Linux kernel. Packets from known-malicious IPs get killed before they ever reach your application or even the WAF itself. IP blacklists stored in eBPF maps for O(1) lookup on millions of IPs. SYN flood protection included. Toggle on/off at runtime via Admin API — no restart needed.
XDP hookeBPF mapsSYN floodO(1) lookupruntime toggle
⚡ Blocking latency: ~1 microsecond — faster than any userspace WAF possible
02
🧠 AI Security · ExplainableDual ML Engine with SHAP Explainability
Two independent ML models run in parallel: an IsolationForest (via ONNX runtime) detects anomalies, and a Random Forest classifies attacks across 10 classes: SQLi, XSS, RCE, SSRF, XXE, SSTI, NoSQLi, Path Traversal, Command Injection, Benign. SHAP-like explainability shows exactly which top-5 features triggered the alert. Human-in-the-loop feedback loop. A/B model testing. Data drift detection.
IsolationForestRandom ForestONNX runtimeSHAP explainA/B testingdrift detection
🧠 ML inference <5ms · 10 attack classes · full confidence scoring
03
🛡️ OWASP Standard · ModSec Compatible615+ CRS Rules — Full ModSecurity-Compatible Engine
Native SecRule parser with the full OWASP Core Rule Set — the enterprise-standard ruleset used worldwide. Every operator: @rx @pm @detectSQLi @detectXSS @ipMatch @validateByteRange. Anomaly scoring with 4 paranoia levels. ReDoS protection built-in. Rules hot-reload without downtime. Custom rule creation via Admin API or CLI.
942xxx SQLi941xxx XSS932xxx RCE930xxx LFI920xxx ProtocolReDoS guardhot-reload
🛡️ 615 rule files · 4 paranoia levels · hot-reload in production
04
🧩 Extensibility · Any LanguageWASM Plugin System — Extend in Any Language
Extend Shibuya with WebAssembly plugins written in any language — Rust, Go, C, AssemblyScript, anything that compiles to WASM. Each plugin runs in a fully sandboxed environment with configurable memory limits, execution time caps, and fuel budgets. A host API lets plugins inspect and modify requests in real-time. No other open-source WAF has this.
any languagesandboxedmemory limitstime limitsfuel budgethost API
🧩 Any language → WASM → instant Shibuya plugin, zero core changes
05
🎭 Zero-Risk · Test in ProdShadow Mode + Traffic Replay Engine
Deploy new rules to production without any risk. Shadow mode logs what would have been blocked — without blocking anything. Configurable per-route, per-percentage (0–100%). Request replay engine captures real traffic to PostgreSQL and replays it against new policy versions, generating a full diff report: "old policy vs new policy" — with zero production impact.
per-route shadow0–100% capturePostgreSQL storereplay enginediff reports
🎭 Test policy changes on real traffic — zero risk, full insight
06
📐 API-First · Schema-DrivenNative GraphQL + OpenAPI Protection
Import your OpenAPI 3.x spec and Shibuya auto-generates positive security rules — only documented endpoints, methods, and schemas are allowed. GraphQL gets: depth analysis, complexity scoring, alias count validation, batch size limits, and introspection blocking. JWT validation and OAuth 2.0 for API auth. Response validation to catch data leakage on the way out.
OpenAPI 3.xpositive securityGraphQL depthcomplexity limitJWT/OAuthresponse validation
📐 Import spec → instant API protection with zero rules written manually
07
Ashigaru Lab — A Complete Vulnerable Attack Environment, Shipped With Shibuya
No other WAF on the market ships with a built-in attack lab. Ashigaru is a full Docker-based environment with 6 deliberately vulnerable services — real exploitable vulnerabilities — so you can validate the WAF against actual attacks, not synthetic benchmarks. A Red Team Bot automates attacks. The War Room provides a full test suite dashboard. Test everything before you go live.
Express REST (5 vulns)React SSR (XSS+RCE)Flask AI (Prompt Injection)Apollo GraphQLPHP Legacy (SQLi+LFI)Red Team Bot
🔥 Real vulnerabilities · Real attacks · Real WAF validation — included, free
ASHIGARU — 6 VULNERABLE SERVICES
SQLi × 5Express Gateway
REST API
XSS + RCEReact Frontend
SSR attacks
Prompt InjectionFlask AI Search
LLM bypass
GraphQL AttacksApollo Engine
Depth + batch
SQLi + LFIPHP Legacy
Classic vulns
🤖 AutoRed Team Bot
Full attack suite
08
🏢 Enterprise Grade · $0 CostMulti-Tenancy + RBAC + LDAP + Federated Learning
Built for teams and enterprises at zero cost. Full multi-tenancy with tenant isolation, RBAC for role-based dashboard access, LDAP integration for enterprise SSO, OAuth 2.0. Federated Learning module shares threat intelligence across WAF nodes. Post-Quantum Cryptography for future-proof TLS. Hardware attestation via TPM. Dynamic SBOM for supply chain monitoring.
multi-tenancyRBACLDAP/SSOfederated learningpost-quantum TLSTPM attestationSBOM
🏢 Enterprise features that competitors charge thousands/month for — free
09
🤖 Next-Gen · No SecRule NeededNLP Policies + AI Virtual Patching in 30 Seconds
Write security policies in plain English with the NLP policy engine — no SecRule syntax required. The AI Virtual Patching module automatically generates WAF rules from CVEs. Integrates with Burp Suite, nuclei, and ZAP — when a scanner finds a vulnerability, Shibuya blocks it in 30 seconds, without touching a single line of application code. Promote to permanent rule with one click.
NLP policiesAI patchingBurp Suitenuclei/ZAPCVE-to-blockone-click promote
🤖 Scanner finds CVE → WAF blocks in 30 seconds, zero code changes