DataDog · michaelcretzman · May 23, 2025 · May 16, 2025 · May 21, 2025 · May 21, 2025
@@ -6641,6 +6641,16 @@ menu:
       parent: application_security_policies
       identifier: application_security_policies_ootb_rules
       weight: 2
+    - name: In-App WAF Rules
+      url: security/application_security/policies/inapp_waf_rules/
+      parent: application_security_policies
+      identifier: application_security_policies_inappwaf_rules
+      weight: 3
+    - name: Tracing Library Configuration
+      url: security/application_security/policies/library_configuration/
+      parent: application_security_policies
+      identifier: application_security_policies_tracing_lib
+      weight: 4
     - name: Exploit Prevention
       url: security/application_security/exploit-prevention/
       parent: application_security

@@ -7,16 +7,11 @@ aliases:
   - /security/application_security/enabling/compatibility
   - /security/application_security/enabling
   - /security/application_security/getting_started
+  - /security/application_security/threats
 further_reading:
 - link: "/security/application_security/how-it-works/"
   tag: "Documentation"
   text: "How App and API Protection Works"
-- link: "/security/application_security/threats/"
-  tag: "Documentation"
-  text: "App and API Protection"
-- link: "/security/code_security/software_composition_analysis/"
-  tag: "Documentation"
-  text: "Software Composition Analysis"
 - link: "https://www.datadoghq.com/product/security-platform/application-security-monitoring/"
   tag: "Product Page"
   text: "Datadog App and API Protection"
@@ -45,19 +40,36 @@ algolia:
 
 {{< img src="/security/application_security/app-sec-landing-page.png" alt="A security signal panel in Datadog, which displays attack flows and flame graphs" width="75%">}}
 
-Datadog App and API Protection (AAP) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.
+**App & API Protection (AAP)** provides unified visibility and security for your applications and APIs, helping you detect, investigate, and prevent threats across modern workloads.
+
+Whether you're defending public-facing APIs, internal services, or user-facing applications, AAP equips your teams with realtime OOTB threat detection, posture assessment, and in-app protections.
+
+<div class="alert alert-info">Formerly known as Application Security Monitoring (ASM), AAP now goes beyond runtime threat detection to include API discovery, posture management, and protection capabilities.</div>
 
-AAP leverages Datadog [tracing libraries][1], and the [Datadog Agent][2] to identify services exposed to application attacks. Once configured, AAP leverages in-app detection rules to detect and protect against threats in your application environment and trigger security signals whenever an attack impacts your production system, or a vulnerability is triggered from the code.
 
-When a threat is detected, a security signal is generated in Datadog. For `HIGH` or `CRITICAL` severity security signals, notifications can be sent to Slack, email, or PagerDuty to notify your team and provide real-time context around threats.
+## Key capabilities
 
-Once a security signal is triggered, quickly pivot to investigate and protect in Datadog. Leverage the deep observability data provided by AAP and APM distributed tracing, in one view, to resolve application issues. Analyze attack flows, view flame graphs, and review correlated trace and log data to pinpoint application vulnerabilities. Eliminate context switching by flowing through application data into remediation and mitigation steps, all within the same panel.
+### API discovery and posture management
 
-With AAP, you can cut through the noise of continuous trace data to focus on securing and protecting your environment.
+* Automatically detect all APIs exposed by your services.  
+* Identify unprotected, undocumented, or overly permissive endpoints.  
+* Get detailed, contextual findings tied to specific endpoints, misconfigurations, and observed behavior.  
+* Evaluate API configurations against posture rules based on security best practices and compliance frameworks (e.g., OWASP API Top 10).
 
-Until you fully remediate the potential vulnerabilities in your application code, AAP enables you to slow down attackers by blocking their IPs temporarily or permanently, with a single click.
+### Runtime threat detection and protection
 
-## Understanding how App and API Protection is implemented in Datadog
+* Detect real-time threats such as injection attacks, account takeover attempts, and application abuse.  
+* Correlate multi-signal attack patterns into actionable insights.  
+* Block malicious traffic with In-App WAF rules using attributes like IP, user agent, headers, and more.
+
+## Use cases
+
+* Protect customer data in production APIs  
+* Detect and block credential stuffing and ATO attacks  
+* Maintain API posture compliance across teams and environments  
+* Investigate incidents with correlated trace, log, and security data
+
+## AAP implementation in Datadog
 
 If you're curious how App and API Protection is structured and how it uses tracing data to identify security problems, read [How App and API Protection Works][3].
 
@@ -72,9 +84,10 @@ To start configuring your environment to detect and protect threats with AAP, fo
 In the [Security Signals Explorer][6], click on any security signal to see what happened and the suggested steps to mitigate the attack. In the same panel, view traces with their correlated attack flow and request information to gain further context.
 
 ## Disable AAP
+
 For information on disabling AAP or its features, see the following:
 
-- [Disabling threat management and protection][10]
+- [Disabling AAP][10]
 
 ## Next steps
 

@@ -119,10 +119,6 @@ Datadog reports the type of authentication when available in a header through th
 | Basic Authentication                              | `basic_auth`     |
 | Digest access authentication                      | `digest_auth`    |
 
-### Vulnerabilities count
-
-Counts the [Code Security][8] vulnerabilities on the endpoint , in addition to the [Software Composition Analysis][3] vulnerabilities of its service.
-
 ## Further reading
 
 {{< partial name="whats-next/whats-next.html" >}}
@@ -131,6 +127,6 @@ Counts the [Code Security][8] vulnerabilities on the endpoint , in addition to t
 [2]: /security/workload_protection/
 [3]: /security/code_security/software_composition_analysis/
 [4]: /agent/remote_config/
-[6]: /security/application_security/threats/library_configuration/#configuring-a-client-ip-header
+[6]: /security/application_security/policies/library_configuration/#configuring-a-client-ip-header
 [7]: https://app.datadoghq.com/security/appsec/inventory/apis
 [8]: /security/code_security/iast/
@@ -1,11 +1,13 @@
 ---
 title: Exploit Prevention
 disable_toc: false
+aliases:
+  - /security/application_security/threats/exploit-prevention
 further_reading:
 - link: "/security/application_security/"
   tag: "Documentation"
   text: "Protect against threats with Datadog App and API Protection"
-- link: "/security/application_security/threats/library_configuration/"
+- link: "/security/application_security/policies/library_configuration/"
   tag: "Documentation"
   text: "Other setup considerations and configuration options"
 - link: "https://www.datadoghq.com/blog/datadog-exploit-prevention/"

@@ -734,6 +734,6 @@ This is general guidance. Depending on your applications and environments, there
 [29]: /security/cloud_siem/guide/automate-the-remediation-of-detected-threats/
 [30]: https://app.datadoghq.com/security/appsec/detection-rules?query=type%3Aapplication_security%20tag%3A%22category%3Aaccount_takeover%22&deprecated=hide&groupBy=none&mitreFilters=%7B%22visualize%22%3A%7B%22value%22%3A%5B%22all%22%5D%2C%22excluded%22%3Afalse%7D%2C%22ruleDensity%22%3A%7B%22value%22%3A%5B%5D%2C%22excluded%22%3Afalse%7D%7D&sort=date&viz=rules
 [28]: https://app.datadoghq.com/security/appsec/in-app-waf?column=services-count&config_by=custom-rules
-[30]: /security/application_security/threats/inapp_waf_rules/
+[30]: /security/application_security/policies/inapp_waf_rules/
 [31]: /api/latest/spans/#aggregate-spans
 [32]: https://haveibeenpwned.com/
@@ -3,18 +3,18 @@ title: Set Up App and API Protection Products without using APM
 disable_toc: false
 ---
 
-Datadog AAP [Threat Management][1] and [Code Security][2] are built on top of [APM][3]. While Datadog recommends using these security products with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone App and API Protection. This guide explains how to set up Standalone App and API Protection.
+Datadog AAP is built on top of [APM][3]. While Datadog recommends using AAP with APM and adopting DevSecOps practices, you can also use these security products without using APM. This configuration is referred to as Standalone App and API Protection. This guide explains how to set up Standalone App and API Protection.
 
 ## Prerequisites
 
 This guide assumes you have the following:
 
 - **Datadog Agent:** [Install the Datadog Agent][6] and configure it for your application's operating system, container, cloud, or virtual environment.
-- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports App and API Protection. For more details, see the guides for [App and API Protection][4] or [Code Security][5].
+- **Supported Tracing Library:** The Datadog Tracing Library used by your application or service supports App and API Protection. For more details, see the guide for [App and API Protection][4].
 
 ## Compatibility
 
-Standalone App and API Protection is currently supported for the following tracing library versions:
+Standalone App and API Protection is supported for the following tracing library versions:
 
 | Language | Version |
 | -------- | ------- |
@@ -31,12 +31,10 @@ Standalone App and API Protection is currently supported for the following traci
 
 Set up the Datadog Agent using the standard method for APM or App and API Protection setup, but set up the Tracing Library by adding the `DD_APM_TRACING_ENABLED=false` environment variable to the service that runs the Tracing Library.
 
-This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. The environment variable can then be combined with environment variables to enable App and API Protection or Code Security.
+This environment variable will reduce the amount of APM data sent to Datadog to the minimum required by App and API Protection products. The environment variable can then be combined with environment variables to enable App and API Protection.
 
 For App and API Protection, add the `DD_APM_TRACING_ENABLED=false DD_APPSEC_ENABLED=true` environment variable.
 
-For Code Security, add the `DD_APM_TRACING_ENABLED=false DD_IAST_ENABLED=true` environment variable.
-
 
 [1]: /security/workload_protection/
 [2]: /security/application_security/code_security/