Blogs

open-appsec's Learning levels provide a clear path for maximizing the machine learning's performance and the WAF’s overall protection. This blog explains the progression of learning levels in open-appsec, how to track them, and the steps necessary to optimize and transition from Detect mode to Prevent mode, and how to enhance the learning after already reaching Prevent mode. 

On March 24, 2025, WIZ Research disclosed critical vulnerabilities in the Kubernetes Ingress NGINX Controller that allow unsanitized user...

Payswiff Technologies' perspective and insights after one year with open-appsec WAF

In this blog we announce the availability of significant enhancements for managing the custom-resource-based configuration of open-appsec.

In this blog, we explain how to deploy Envoy with open-appsec WAF on Docker using docker-compose and provide insights about the integration.

This blog explains how to get the best threat prevention results and lowest false positive rate from open-appsec contextual ML engine.

In this blog, we announce the (beta) release of a new docker-compose-based deployment option.

With more than a half thousand NPM deployments protected with open-appsec WAF, we are moving this integration to "General Availability"!

This article describes how we tested the efficacy of several leading WAF solutions in real-world conditions and the test's striking results.

Nesecon's user journey with open-appsec and their insights after over one year in their labs, pre-production, and the field

open-appsec announces its upcoming support for Envoy Proxy and Istio Service Mesh, without adding complexity or compromising performance

open-appsec announces its new integration with APISIX gateway. This blogs explains the deployment process on Linux, Docker and Kubernetes.

Protecting web applications in your homelab from unknown zero-day attacks by adding open-appsec to your reverse proxy.

This blog describes open-appsec upcoming support for ARM-Based platforms, addressing a key request from our user community.

This blog describes the benefits of practicing your WAF deployment before installing it and presents open-appsec's many playground options.

Discover the power of open-appsec WAF integrated with Docker SWAG for a seamless web app security solution

Discover the power of open-appsec WAF integrated with NGINX Proxy Manager (NPM) for a seamless web app security solution, now with a new cen

Learn how to leverage open-appsec / CloudGuard WAF for PCI DSS Requirement 6.4.1-2 Compliance.

Announcing open-appsec WAF Integration with NGINX Proxy Manager!

Blog examines CVE-2023-36934, a critical vulnerability in MOVEit Transfer software. We detailed the vulnerability's exploitation mechan

open-appsec events can be seen in the open-appsec central management WebUI. Here we explain how these events can also be displayed in SIEM.

How IT Creation, Netherlands transitioned from ModSecurity WAF to a machine-learning based open source WAF.

Gamification and metaphors can make AI's learning journey more transparent and relatable, explained on an open-source ML-based WAF

In this blog we describe how to secure MicroK8s Kubernetes cluster on an Ubuntu machine, using open-appsec based on NGINX ingress controller

ModSecurity will reach “End of Life“ by 31.3.2024. This blog explains how open-appsec can offer an open-source, free, ML-based alternative

In this blog we explain how to protect GraphQL applications effectively without any change to the protected application, using open-appsec.

On Monday August 28th, 2023 at 9:31 GMT open-appsec team was notified by email about a potential issue with the Web Portal Events view...

We conducted an experiment developing in two methods: traditional vs. ChatGPT. We share the process and what we learned.

Which WAF delivers the best Security and Detection Quality? We tested AWS, Azure, CloudFlare, F5 NGINX, ModSec, open-appsec / CloudGuard.

In this article, we will present how open-appsec's capabilities can help address each of the OWASP-Top-10 risks.

To explain the inner mechanics of open-appsec’s contextual ML engine, we created a video session, led by open-appsec PM, Christopher Lutat

In this blog we explain how to deploy open-appsec in SWAG version 2.5.0 in different options for self-compilation per OS and version.

In this article you will learn how to easily migrate or connect an existing local open-appsec deployment to the WebUI management portal.

This new integration allows open-appsec to connect to the CrowdSec local API to consume the CrowdSec Threat Intelligence.

In this blog we describe how we used the open-appsec engine’s Schema Validation capability to protect our own APIs.

The report evaluates and rates vendors based on a set of key criteria, including security capabilities, ease of use, and overall value.

open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.

Modern SQLi evasion techniques evolve day by day raising the question of whether traditional WAF systems are able to handle this challenge.

Article explains how open-appsec ML-based engine allow pre-emptive protection against zero-days and how to configure it.

Claroty developed a bypass for WAF products. The attack involves appending JSON syntax to SQL injection. Many leading WAFs were vulnerable.

This articles compares NGINX App Protect signature-based WAF and open-appsec free open-source ML-based WAF.

Why you should perform pentesting, how to fix common issues discovered and how to mitigate using a WAF.

open-appsec deployment package does not bring OpenSSL. The library installed during deployment is version 1.1.1, which is not vulnerable.

Pre-emptive web app & API threat protection against OWASP-Top-10 and  zero-day attacks for Kubernetes Ingress, NGINX, Envoy and API Gateways

open-appsec ML-based WAF provides out-of-the-box protection against the latest "text4shell” vulnerability (CVE-2022-42889)

In today's environment of tested and proven ML, there is no reason to accept low expectations for protection.

A deep look at zero-day exploits and whether it is possible to avoid being the victim of one.

Open-source has enabled the tech industry to creatively use, build, connect and innovate. Can you imagine a modern tech stack without...