Kontinent TLS Server Gains FSTEK Certification as a WAF Product
Kontinent TLS-server version 2.7.1.348 (Kontinent Web), developed by Russian cybersecurity vendor Kod Bezopasnosti, has received FSTEK certificate No. 4259 for a Type G firewall with a fourth-level protection class. The product can now be used as a certified web application firewall component in regulated segments.
The solution combines a TLS gateway with web application protection. Designed for publishing applications through gateway-based authentication, it defends against attacks. In version 2.7, Kod Bezopasnosti highlights expanded WAF functionality, including elements of machine learning, signature-based analysis, and integrated protection for web applications within a single system.
Reducing Dependence on Foreign Security Stacks
This certification is a key step for the cybersecurity market and import substitution, especially in protecting IT infrastructure. Certification is critical for government agencies, critical information infrastructure operators, state information systems, personal data systems, and large enterprises, where procurement and deployment are tied to regulatory requirements. The milestone signals continued movement toward trusted domestic cybersecurity stacks.
Certification also helps strengthen service resilience across government portals, online banking platforms, corporate portals, and regional digital services. Using certified domestic solutions reduces reliance on foreign security stacks and simplifies compliance with Russian security regulations.
For the country, this is a step toward building a domestic portfolio of certified cybersecurity solutions in web application protection and secure publishing. As web interfaces and APIs remain key attack surfaces, having local solutions in this category strengthens technological sovereignty and reduces risk for regulated sectors.
Toward Platform-Based Security Models
The FSTEK certification gives organizations an additional option for building secure external web perimeters on a domestic technology base, using a combined TLS and WAF model rather than assembling multiple point solutions. This move reflects a broader shift away from standalone WAF tools toward converged application and API protection platforms.
Kontinent TLS-server is most relevant in environments that require encrypted traffic, secure web publishing, authentication, and protection against web-based attacks at the same time. This is especially relevant for government agencies, large enterprises, industrial organizations, telecom operators, and the financial sector. Certification strengthens the product’s position as a trusted component within secure infrastructure.
The solution may also attract interest from governments and organizations that prioritize on-premises infrastructure, sovereign IT environments, and reduced reliance on Western cloud-based security services. That includes partner countries already adopting Russian cybersecurity technologies.
A Growing Range of Domestic WAF and WAAP Solutions
In 2023, Skolkovo resident SolidSoft certified its SolidWall WAF under FSTEK requirements for Class 4 firewalls, with certification renewed in April 2025 following testing of an updated version. This indicates that vendors are maintaining product lifecycles rather than treating certification as a one-time milestone. In January 2025, the platform VebmonitorEks received FSTEK certification. It is built around the ProWAF solution and extended with API security modules. In summer 2025, deliveries began for the certified UserGate WAF as a standalone product.
Within just a few years, the Russian market has evolved from a handful of isolated solutions to a full lineup of domestic WAF and WAAP offerings.
In 2024–2025, the global market began shifting from traditional WAF toward the broader WAAP model. F5 is now positioned among the leaders in Web Application and API Protection with a platform that combines WAF, bot mitigation, API security, DDoS protection, and analytics. Microsoft also transitioned Azure Application Gateway WAF to a policy-based model with improved scalability and advanced capabilities. Application protection is increasingly becoming platform-based both in Russia and globally.
Moving Beyond Standalone WAF
The certification highlights the growing maturity of Russia’s cybersecurity market. Kod Bezopasnosti is strengthening its position in securing external web perimeters by offering a unified product tailored for regulated deployments. A domestic market for certified web application security solutions is taking shape, with rising competition. What is emerging is no longer a fragmented set of tools but a distinct product category critical for import substitution in government, critical infrastructure, and large enterprise systems.
Experts expect demand to shift from standalone WAF products to platforms that combine web application and API protection with remote access, authentication, bot mitigation, telemetry, and integration with SOC and SIEM systems. In this context, the certification of Kontinent Web reflects a broader trend of Russian cybersecurity vendors developing local equivalents of the global WAAP model, adapted to regulatory requirements and customer needs.
