Originally published on Medium
A student developer from Cameroon built a security tool that explains exactly why it blocked a request. Here’s the story and how to install it in 30 seconds.
As a PHP developer in Africa, you already know the problem: your apps get hit by automated bots, SQL injection attempts, and XSS attacks every single day — and most security tools built to stop them are either too expensive, too complex, or built by people who have never touched an African server in their life.
I built Kriosa to fix that.
What is Kriosa?
Kriosa is an AI-powered Web Application Firewall for PHP and Laravel apps. It uses a hybrid Machine Learning engine — combining Random Forest and Neural Networks — to detect and block threats before they reach your application. But the part that makes it different from every other WAF is the Explainable AI dashboard.
Most WAFs are a black box. They block a request and tell you nothing. Kriosa tells you exactly why it blocked it — which features of the request triggered the ML model, what the confidence score was, and what attack pattern it matched. As a developer, that means you are not just protected — you understand what happened.
What it catches:
SQL Injection attempts
Cross-Site Scripting (XSS)
Path Traversal attacks
Malicious bot detection
Rate limiting abuse
And 25+ other attack vectors
Install it in 30 seconds:
For Laravel:
//Step 1 — Install via Composer
composer require kriosa-ai/kriosa-php
//Step 2 — Add to your .env file
KRIOSA_API_KEY=sk_your_api_key_here
KRIOSA_TIMEOUT=5
KRIOSA_DEBUG=false
KRIOSA_BADGE=true
//Step 3 — Create config/kriosa.php
<?php
// config/kriosa.php
return [
    'api_key' => env('KRIOSA_API_KEY'),
    'timeout' => env('KRIOSA_TIMEOUT', 5),
    'debug'   => env('KRIOSA_DEBUG', false),
];
//Step 4 — Create the Middleware
<?php
// app/Http/Middleware/KriosaSecurity.php
namespace App\Http\Middleware;

use Closure;
use Kriosa;
use Illuminate\Http\Request;

class KriosaSecurity
{
    public function handle(Request $request, Closure $next)
    {
        $apiKey = config('kriosa.api_key');

        // Skip if no API key configured (requests then pass without inspection)
        if (!$apiKey) {
            return $next($request);
        }

        try {
            // Build the client from the values in config/kriosa.php
            $kriosa = new Kriosa($apiKey, [
                'timeout' => config('kriosa.timeout', 5),
                'debug'   => config('kriosa.debug', false),
            ]);

            // protect() returning false: reject the request with a 403
            if (!$kriosa->protect()) {
                return response('Access denied', 403);
            }
        } catch (\Exception $e) {
            // Fail open — don't block users if Kriosa is unreachable.
            // The request continues uninspected; the exception is only reported.
            report($e);
        }

        return $next($request);
    }
}
//Step 5 — Register the Middleware
// app/Http/Kernel.php
protected $middleware = [
    // ... existing middleware
    \App\Http\Middleware\KriosaSecurity::class,
];
// OR apply to specific routes only:
// routes/web.php
// The class is referenced directly because no 'kriosa' alias is registered in the steps above.
Route::middleware([\App\Http\Middleware\KriosaSecurity::class])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});
Then add the middleware to your app/Http/Middleware/KriosaMiddleware.php:
For PHP
Or Download and use the SDK
//Step 1 — Install via Composer
composer require kriosa-ai/kriosa-php
//or download kriosa.php
<?php
// Add this to your index.php or front controller
// Load the SDK with ONE of the two lines below, depending on how you installed it:
require_once 'vendor/autoload.php';      // for composer install
// require_once __DIR__ . '/kriosa.php'; // for downloaded

// KRIOSA_API_KEY from your .env file.
// getenv() reads the process environment; plain PHP does not load a .env file by itself.
$apiKey = getenv('KRIOSA_API_KEY') ?: 'YOUR_API_KEY_HERE';

try {
    $kriosa = new Kriosa($apiKey, [
        'timeout'     => 3,
        'debug'       => false,
        'fail_closed' => false,
        'show_badge'  => true,
    ]);

    // protect() returning false: stop here with a 403
    if (!$kriosa->protect()) {
        header('X-Kriosa-Blocked: true');
        http_response_code(403);
        exit('Access Denied');
    }
} catch (Exception $e) {
    // Fail open: the error is logged and the request continues uninspected
    error_log('Kriosa Security Error: ' . $e->getMessage());
}
// Your application continues safely here...
That’s it. Your app is now protected by an AI layer that watches every incoming request.
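Both snippets above fail open: the Laravel middleware lets the request through when the API key is missing or when Kriosa throws, and the plain-PHP setup passes 'fail_closed' => false. The following is an added example, not code from the original post or from the Kriosa SDK: a middleware variant that keeps that behaviour for ordinary pages but refuses requests on sensitive paths when no verdict is available. The class name KriosaStrict, the path list and the 503 response are assumptions; the only Kriosa calls used are the constructor and protect() shown above.

```php
<?php
// app/Http/Middleware/KriosaStrict.php (hypothetical file and class name)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Kriosa;

class KriosaStrict
{
    // Assumed path patterns where an uninspected request is not acceptable.
    private const FAIL_CLOSED_PATHS = ['login', 'admin/*', 'dashboard'];

    public function handle(Request $request, Closure $next)
    {
        $strict = $request->is(...self::FAIL_CLOSED_PATHS);
        $apiKey = config('kriosa.api_key');

        if (!$apiKey) {
            // A missing key disables inspection entirely, so make it loud
            // in the logs and refuse the sensitive paths.
            Log::critical('Kriosa API key missing; requests are not inspected');
            return $strict ? response('Service unavailable', 503) : $next($request);
        }

        try {
            $kriosa = new Kriosa($apiKey, [
                'timeout' => config('kriosa.timeout', 5),
                'debug'   => config('kriosa.debug', false),
            ]);
            if (!$kriosa->protect()) {
                return response('Access denied', 403);
            }
        } catch (\Throwable $e) {
            report($e);
            if ($strict) {
                // Fail closed: no verdict means no access on sensitive paths.
                return response('Service unavailable', 503);
            }
            // Everywhere else, keep the fail-open behaviour from Step 4.
        }

        return $next($request);
    }
}
```

Alerting on the reported exceptions and on the critical log line shows how often requests are passing without a verdict.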
Why I built this
I am a final-year computer science student at the University of Bamenda, Cameroon. I watched developers around me get their client sites hacked with no affordable way to understand what happened or prevent it from happening again. Enterprise WAFs like Cloudflare cost hundreds of dollars a month. Sucuri is built for a completely different context. Nothing existed for the PHP developer in Africa building real products for real clients on a real budget.
So I built it myself: a hybrid ML engine, a 25+ attack, and an XAI dashboard that makes security understandable, not just automated.
It is free to start.
The Starter tier is free. No credit card. No enterprise contract. Just install the SDK, connect your app, and open the dashboard.
If you build PHP or Laravel apps and you have ever had a client site get hacked — or you are terrified of it happening — Kriosa is built specifically for you.
Try it today: kriosa.com
Install it: composer require kriosa-ai/kriosa-php
Full docs: kriosa.com/documentation.php
Built by a developer from Cameroon, for developers across Africa and beyond. If you have questions, drop them in the comments — I read everything.