How to switch to a ModSecurity WAF alternative before it is EOL in March 2024?
ModSecurity will reach “End of Life“ by 31.3.2024. This blog explains how open-appsec can offer an open-source, free, ML-based alternative
top of page
Blogs
Netzer Shohet
- Aug 31
- 4 min
How to effectively Secure GraphQL APIs and Web Apps?
In this blog we explain how to protect GraphQL applications effectively without any change to the protected application, using open-appsec.
Editorial
- Aug 28
- 1 min
Issue with open-appsec Web Portal Events view
On Monday August 28th, 2023 at 9:31 GMT open-appsec team was notified by email about a potential issue with the Web Portal Events view...
Netzer Shohet
- Jul 26
- 10 min
Developing Web Application and API Rate Limiting using ChatGPT
We conducted an experiment developing in two methods: traditional vs. ChatGPT. We share the process and what we learned.
Boris Rozenfeld
- Jul 13
- 11 min
Best WAF solutions in 2023 - real-world comparison
Which WAF delivers the best Security and Detection Quality? We tested AWS, Azure, CloudFlare, F5 NGINX, ModSec, open-appsec / CloudGuard.
Christopher Lutat
- Jun 28
- 12 min
How to Deal with OWASP-Top-10 Attacks Using open-appsec Open Source WAF
In this article, we will present how open-appsec's capabilities can help address each of the OWASP-Top-10 risks.
Christopher Lutat
- Jun 22
- 2 min
How open-appsec Machine Learning WAF Pre-emptively Block Attacks? A Deep-Dive Video.
To explain the inner mechanics of open-appsec’s contextual ML engine, we created a video session, led by open-appsec PM, Christopher Lutat
Oriane Louzoun
- Jun 4
- 4 min
How to deploy open-appsec on a Docker SWAG Linux server
In this blog we explain how to deploy open-appsec in SWAG version 2.5.0 in different options for self-compilation per OS and version.
Netzer Shohet
- Apr 20
- 5 min
How to Easily Connect Your Locally Managed open-appsec Deployment to Management Portal (SaaS)
In this article you will learn how to easily migrate or connect an existing local open-appsec deployment to the WebUI management portal.
Christopher Lutat
- Apr 4
- 5 min
open-appsec Introduces CrowdSec Integration for Community Threat Intelligence Protection
This new integration allows open-appsec to connect to the CrowdSec local API to consume the CrowdSec Threat Intelligence.
Netzer Shohet
- Mar 22
- 5 min
How We Deployed open-appsec API Security Schema Validation to Protect our own Backend Systems
In this blog we describe how we used the open-appsec engine’s Schema Validation capability to protect our own APIs.
Hen Eliyahu
- Mar 13
- 5 min
2023 GigaOm Radar report selects open-appsec as a Leader in the Application and API Security Space
The report evaluates and rates vendors based on a set of key criteria, including security capabilities, ease of use, and overall value.
Christopher Lutat
- Feb 23
- 6 min
open-appsec provides ML-based API Security add-on for Kong API Gateways
open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.
Boris Rozenfeld
- Feb 19
- 4 min
open-appsec ML-based WAF protects against modern SQLi AutoSpear evasion techniques
Modern SQLi evasion techniques evolve day by day raising the question of whether traditional WAF systems are able to handle this challenge.
Fortune Adekogbe
- Feb 6
- 8 min
Deep Dive into open-appsec Machine Learning Technology
Article explains how open-appsec ML-based engine allow pre-emptive protection against zero-days and how to configure it.
Oded Gonda
- Dec 10, 2022
- 4 min
open-appsec / CloudGuard AppSec is the only product known to pre-emptively block Claroty WAF bypass
Claroty developed a bypass for WAF products. The attack involves appending JSON syntax to SQL injection. Many leading WAFs were vulnerable.
Christopher Lutat
- Nov 17, 2022
- 4 min
NGINX WAF and Kubernetes WAF options (App Protect vs. open-appsec)
This articles compares NGINX App Protect signature-based WAF and open-appsec free open-source ML-based WAF.
Mohammed Osman
- Nov 11, 2022
- 7 min
What to do When Your Web Application or API Penetration Test Fails
Why you should perform pentesting, how to fix common issues discovered and how to mitigate using a WAF.
Editorial
- Oct 31, 2022
- 1 min
OpenSSL Vulnerability November 2022 (CVE-2022-3786 and CVE-2022-3602)
open-appsec deployment package does not bring OpenSSL. The library installed during deployment is version 1.1.1, which is not vulnerable.
Roy Barda
- Oct 26, 2022
- 3 min
Open-source code is now published for open-appsec Machine Learning-based WAF
Pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks for Kubernetes Ingress, NGINX, Envoy and API Gateways
Christopher Lutat
- Oct 18, 2022
- 3 min
open-appsec/CloudGuard AppSec preemptive protection for text4shell zero-day attack (CVE-2022-42889)
open-appsec ML-based WAF provides out-of-the-box protection against the latest "text4shell” vulnerability (CVE-2022-42889)
Oded Gonda
- Sep 30, 2022
- 5 min
17 hours to react to zero-day threats -- good enough? A perspective on Forrester’s WAF Vendors Wave
In today's environment of tested and proven ML, there is no reason to accept low expectations for protection.
Thinus Swart
- Sep 18, 2022
- 8 min
Zero day attack prevention
A deep look at zero-day exploits and whether it is possible to avoid being the victim of one.
Oded Gonda
- Aug 25, 2022
- 2 min
Hello, world! About open-appsec beta.
Open-source has enabled the tech industry to creatively use, build, connect and innovate. Can you imagine a modern tech stack without...
bottom of page