Blogs


The Essential Cyber Resilience Strategy for InfoSec
For years, cybersecurity strategies have been obsessed with prevention: keep attackers out, patch vulnerabilities, and strengthen...
Eyal Katz
Aug 217 min read


Cyber Resilience vs Cyber Security: Is There a Difference?
The internet never sleeps, and neither do cyber threats. Every second, somewhere in the world, a system is being probed for weaknesses,...
Eyal Katz
Aug 216 min read


Introducing: open-appsec Machine-Learning-Driven WAF for Kong Gateway – Featuring a New, Flexible Lua-Based Plugin (Beta)
The new open-appsec WAF plugin for Kong Gateway (beta) brings machine-learning-powered security to your API gateway — protecting against OWASP Top 10, zero-day attacks, and more without signatures.
Now available for Kong OSS and Enterprise, running on Linux, Docker, and Kubernetes.
Christopher Lutat
Jul 31 · 6 min read


open-appsec Integration with Istio Ingress Gateway - Beta Release Now Available!
open-appsec now offers beta integration with Istio Ingress Gateway, enhancing Kubernetes environments by protecting web applications from various attacks using AI-driven WAF technology. This integration adds security at the edge of service meshes, leveraging Istio’s advanced traffic management features.
Christopher Lutat
Jul 24 · 10 min read


cra-ready.org - a Practical Guide to Cyber Resilience Act (CRA) Compliance
CRA-Ready.org is built to help businesses understand and meet the requirements of the European Union’s Cyber Resilience Act (CRA). The CRA introduces mandatory cybersecurity obligations for all digital products—software and connected hardware—sold in the EU. This includes consumer apps, industrial control systems, IoT devices, and even open-source components used in commercial contexts.
Editorial
Jun 2 · 2 min read


Scaling WAF Protection Across Multi-Cloud Environments with open-appsec
As organizations embrace the flexibility and resilience of multi-cloud and hybrid architectures, a new challenge emerges: how do you...
Oriane Louzoun
May 29 · 3 min read


open-appsec vs Traditional WAFs: What Can You Gain by Going Cloud-Native and Open Source
While traditional Web Application Firewalls (WAFs) have long been the go-to solution for protecting web applications, modern architectures demand a new approach. In this blog, we’ll explore the key differences between open-appsec and traditional WAFs — and why organizations are making the switch.
Oriane Louzoun
May 233 min read


From Kindergarten to PhD - Leveraging open-appsec WAF Machine Learning Levels for a Robust Web Protection
open-appsec's learning levels provide a clear path for maximizing machine learning performance and the WAF’s overall protection. This blog explains the progression of learning levels in open-appsec, how to track them, the steps necessary to optimize and transition from Detect mode to Prevent mode, and how to enhance learning after reaching Prevent mode.
Hen Eliyahu
Apr 28 · 7 min read


Akamai WAF: Complete List of Pros and Cons
Could your web app be under attack as we speak? Cyber attackers and automated bots are moving in the shadows, quietly looking for weak...
Eyal Katz
Apr 3 · 6 min read


Remediation for Ingress NGINX Controller Vulnerability
On March 24, 2025, WIZ Research disclosed critical vulnerabilities in the Kubernetes Ingress NGINX Controller that allow unsanitized user...
Boris Rozenfeld
Mar 25 · 2 min read


From Zero to 900+ Million Requests: A Year with open-appsec WAF
Payswiff Technologies' perspective and insights after one year with open-appsec WAF
Krishna Mohan Parsha
Mar 24 · 4 min read


Introducing New Schema and CRDs for open-appsec Declarative Configuration and Enhancements for Large-Scale Deployments (K8s)
In this blog we announce the availability of significant enhancements for managing the custom-resource-based configuration of open-appsec.
Christopher Lutat
Mar 135 min read