Open-source has enabled the tech industry to creatively use, build, connect and innovate. Can you imagine a modern tech stack without open-source projects like Linux, Kubernetes, Kafka, Python, NodeJS, ElasticSearch, NGINX, Redis, MySQL, Mongo and numerous others?
In November 2002 Ivan Ristić, an English engineer, released a module for monitoring application traffic for Apache HTTP Server, known as ModSecurity or ModSec. A few years later, the module was released under an open-source license, and together with OWASP Core Rule Set (CRS) — a set of signatures for detecting web exploits, became the cornerstone of the entire WAF industry.
In 2022, many companies including Imperva, AWS, Microsoft, CloudFlare, Akamai, F5, NGINX and others are providing WAF products based on open-source ModSec concepts, signature-based technology and code.
Signature-based solutions are well proven, but they are reactive by nature, meaning that often signatures aren’t available until after vulnerabilities have been known for some time and exploits are put into circulation, as such they don’t provide good enough response for modern fast-spreading attacks. From an operational perspective they require constant tuning and exception handling to avoid false positives.
We are now starting open-appsec beta program — a new open-source initiative that builds on machine learning to provide enterprise web application and API security with the visibility, protection and manageability that is required by modern workloads.
- protects web applications & APIs preemptively against OWASP-Top-10- and zero-day attacks using patented machine learning with no threat signature upkeep
- blocks attacks such as Log4Shell and Spring4Shell, with default settings and no updates, due to its pre-emptive nature
- delivers precise threat prevention through continuous learning, finding attacks while eliminating the tuning & exception creation inherent to traditional WAFs
- can be deployed as add-on to Kubernetes Ingress (Kubernetes WAF), NGINX (NGINX WAF), Envoy (Envoy WAF) and API Gateways and provides CI/CD-friendly deployment and automation — from installation to upgrades, to configuration — using declarative infra-as-code or APIs
We are working to make the code available on GitHub once we have additional community feedback.
Please join our community, share your feedback and thoughts.