open-appsec NGINX WAF Tutorial

open-appsec (https://www.openappsec.io) is an open-source initiative that builds on machine learning. It provides pre-emptive web app & API threat protection against OWASP Top-10- and zero-day attacks.

open-appsec is designed for simple setup and painless maintenance. Thanks to machine learning, there is no threat signature upkeep and exception handling, like common in many WAF solutions. It can be deployed as add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways.

In this tutorial we will show how to protect Web applications & APIs in just a few minutes using a demo web application called Acme Audit that has multiple security vulnerabilities.

• You will learn how to Attack the application by performing a SQL Injection (a simple attack just for demo purpose).
• Deploy open-appsec for NGINX Ingress and protect it
• Attack the application again to see that the protection is effective
• Connect your deployment to the SaaS Web-Based Management

You can run this tutorial yourself by choosing the Playground option at the top menu of https://openappsec.io website.