Blogs


Remediation for Ingress NGINX Controller Vulnerability
On March 24, 2025, WIZ Research disclosed critical vulnerabilities in the Kubernetes Ingress NGINX Controller that allow unsanitized user...
Boris Rozenfeld
5 days ago · 2 min read


From Zero to 900+ Million Requests: A Year with open-appsec WAF
Payswiff Technologies' perspective and insights after one year with open-appsec WAF
Krishna Mohan Parsha
6 days ago · 4 min read


Introducing New Schema and CRDs for open-appsec Declarative Configuration and Enhancements for Large-Scale Deployments (K8s)
In this blog we announce the availability of significant enhancements for managing the custom-resource-based configuration of open-appsec.
Christopher Lutat
Mar 13 · 5 min read


open-appsec Integration with Envoy Proxy (Docker) - Now Available in beta!
In this blog, we explain how to deploy Envoy with open-appsec WAF on Docker using docker-compose and provide insights about the integration.
Christopher Lutat
Feb 10 · 6 min read


How to Set Up open-appsec for Best Threat Prevention Results of the Contextual Machine Learning Engine
This blog explains how to get the best threat prevention results and lowest false positive rate from open-appsec contextual ML engine.
Christopher Lutat
Feb 5 · 6 min read


open-appsec WAF - Docker Compose Deployment: New Capabilities!
In this blog, we announce the (beta) release of a new docker-compose-based deployment option.
Christopher Lutat
Jan 22 · 7 min read


Announcing "General Availability" for NGINX Proxy Manager / open-appsec WAF integration!
With more than half a thousand NPM deployments protected with open-appsec WAF, we are moving this integration to "General Availability"!
Christopher Lutat
Jan 14 · 2 min read

Best WAF Solutions in 2024-2025: Real-World Comparison
This article describes how we tested the efficacy of several leading WAF solutions in real-world conditions and the test's striking results.
Boris Rozenfeld
Dec 1, 2024 · 14 min read


How did we learn open-appsec is the best WAF solution for us? Nesecon’s take on their journey with open-appsec
Nesecon's user journey with open-appsec and their insights after over one year in their labs, pre-production, and the field
Flavio Molinelli
Nov 21, 2024 · 4 min read


open-appsec WAF announces upcoming support for Envoy and Istio
open-appsec announces its upcoming support for Envoy Proxy and Istio Service Mesh, without adding complexity or compromising performance
Christopher Lutat
Nov 14, 2024 · 5 min read


Announcing open-appsec WAF integration with Apache APISIX API Gateway
open-appsec announces its new integration with APISIX gateway. This blog explains the deployment process on Linux, Docker and Kubernetes.
Christopher Lutat
Oct 22, 2024 · 9 min read


How to Protect Exposed Web Applications in Your Homelab by Adding open-appsec WAF to Your Reverse Proxy
Protecting web applications in your homelab from unknown zero-day attacks by adding open-appsec to your reverse proxy.
Christopher Lutat
Oct 9, 2024 · 4 min read


open-appsec WAF Announces Upcoming Support for ARM-Based Platforms
This blog describes open-appsec upcoming support for ARM-Based platforms, addressing a key request from our user community.
Christopher Lutat
Sep 26, 2024 · 3 min read


How to Deploy a WAF with Confidence - Learn to Deploy open-appsec Using Virtual Hands-On Labs
This blog describes the benefits of practicing your WAF deployment before installing it and presents open-appsec's many playground options.
Hen Eliyahu
Sep 16, 2024 · 7 min read


Announcing open-appsec WAF Integration with Docker SWAG (Secure Web Application Gateway)
Discover the power of open-appsec WAF integrated with Docker SWAG for a seamless web app security solution
Christopher Lutat
Aug 7, 2024 · 9 min read


NGINX Proxy Manager WAF: New central WebUI management option for open-appsec
Discover the power of open-appsec WAF integrated with NGINX Proxy Manager (NPM) for a seamless web app security solution, now with a new cen
Christopher Lutat
May 29, 2024 · 3 min read


Leveraging open-appsec / CloudGuard WAF for PCI DSS Requirement 6.4.1-2 Compliance
Learn how to leverage open-appsec / CloudGuard WAF for PCI DSS Requirement 6.4.1-2 Compliance.
Oriane Louzoun
Feb 25, 2024 · 3 min read


Announcing open-appsec WAF Integration with NGINX Proxy Manager
Announcing open-appsec WAF Integration with NGINX Proxy Manager!
Christopher Lutat
Dec 28, 2023 · 9 min read


Zero-day protection for MOVEit CVE-2023-36934
Blog examines CVE-2023-36934, a critical vulnerability in MOVEit Transfer software. We detailed the vulnerability's exploitation mechan
Boris Rozenfeld
Dec 18, 2023 · 3 min read


How you can integrate open-appsec logs into various SIEM services
open-appsec events can be seen in the open-appsec central management WebUI. Here we explain how these events can also be displayed in SIEM.
Christopher Lutat
Oct 27, 2023 · 6 min read

Transitioning from ModSecurity WAF to open-appsec at IT Creation, Netherlands
How IT Creation, Netherlands transitioned from ModSecurity WAF to a machine-learning based open source WAF.
Eyal Katz
Oct 17, 2023 · 3 min read

Using Gamification to demystify the AI black-box in a Web Application Firewall (WAF) product
Gamification and metaphors can make AI's learning journey more transparent and relatable, explained on an open-source ML-based WAF
Oded Gonda
Sep 29, 2023 · 5 min read


How to deploy open-appsec on MicroK8s
In this blog we describe how to secure a MicroK8s Kubernetes cluster on an Ubuntu machine, using open-appsec based on the NGINX ingress controller
Oriane Louzoun
Sep 29, 2023 · 6 min read

How to switch to a ModSecurity WAF alternative before it is EOL in March 2024?
ModSecurity will reach "End of Life" by 31.3.2024. This blog explains how open-appsec can offer an open-source, free, ML-based alternative
Oded Gonda
Sep 4, 2023 · 5 min read


How to effectively Secure GraphQL APIs and Web Apps?
In this blog we explain how to protect GraphQL applications effectively without any change to the protected application, using open-appsec.
Netzer Shohet
Aug 31, 2023 · 4 min read


Issue with open-appsec Web Portal Events view
On Monday August 28th, 2023 at 9:31 GMT open-appsec team was notified by email about a potential issue with the Web Portal Events view...
Editorial
Aug 28, 2023 · 1 min read

Developing Web Application and API Rate Limiting using ChatGPT
We conducted an experiment developing in two methods: traditional vs. ChatGPT. We share the process and what we learned.
Netzer Shohet
Jul 26, 2023 · 10 min read

Best WAF solutions in 2023 - real-world comparison
Which WAF delivers the best Security and Detection Quality? We tested AWS, Azure, CloudFlare, F5 NGINX, ModSec, open-appsec / CloudGuard.
Boris Rozenfeld
Jul 13, 2023 · 11 min read


How to Deal with OWASP-Top-10 Attacks Using open-appsec Open Source WAF
In this article, we will present how open-appsec's capabilities can help address each of the OWASP-Top-10 risks.
Christopher Lutat
Jun 28, 2023 · 12 min read


How open-appsec Machine Learning WAF Pre-emptively Block Attacks? A Deep-Dive Video.
To explain the inner mechanics of open-appsec’s contextual ML engine, we created a video session, led by open-appsec PM, Christopher Lutat
Christopher Lutat
Jun 22, 2023 · 2 min read


How to deploy open-appsec on a Docker SWAG Linux server
In this blog we explain how to deploy open-appsec in SWAG version 2.5.0 in different options for self-compilation per OS and version.
Oriane Louzoun
Jun 4, 2023 · 4 min read


How to Easily Connect Your Locally Managed open-appsec Deployment to Management Portal (SaaS)
In this article you will learn how to easily migrate or connect an existing local open-appsec deployment to the WebUI management portal.
Netzer Shohet
Apr 20, 2023 · 5 min read


open-appsec Introduces CrowdSec Integration for Community Threat Intelligence Protection
This new integration allows open-appsec to connect to the CrowdSec local API to consume the CrowdSec Threat Intelligence.
Christopher Lutat
Apr 4, 2023 · 5 min read


How We Deployed open-appsec API Security Schema Validation to Protect our own Backend Systems
In this blog we describe how we used the open-appsec engine’s Schema Validation capability to protect our own APIs.
Netzer Shohet
Mar 22, 2023 · 5 min read

2023 GigaOm Radar report selects open-appsec as a Leader in the Application and API Security Space
The report evaluates and rates vendors based on a set of key criteria, including security capabilities, ease of use, and overall value.
Hen Eliyahu
Mar 13, 2023 · 5 min read

open-appsec provides ML-based API Security add-on for Kong API Gateways
open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.
Christopher Lutat
Feb 23, 2023 · 6 min read

open-appsec ML-based WAF protects against modern SQLi AutoSpear evasion techniques
Modern SQLi evasion techniques evolve day by day raising the question of whether traditional WAF systems are able to handle this challenge.
Boris Rozenfeld
Feb 19, 2023 · 4 min read


Deep Dive into open-appsec Machine Learning Technology
Article explains how the open-appsec ML-based engine allows pre-emptive protection against zero-days and how to configure it.
Fortune Adekogbe
Feb 6, 2023 · 8 min read

open-appsec / CloudGuard AppSec is the only product known to pre-emptively block Claroty WAF bypass
Claroty developed a bypass for WAF products. The attack involves appending JSON syntax to SQL injection. Many leading WAFs were vulnerable.
Oded Gonda
Dec 10, 2022 · 4 min read

NGINX WAF and Kubernetes WAF options (App Protect vs. open-appsec)
This article compares NGINX App Protect signature-based WAF and open-appsec free open-source ML-based WAF.
Christopher Lutat
Nov 17, 2022 · 4 min read

What to do When Your Web Application or API Penetration Test Fails
Why you should perform pentesting, how to fix common issues discovered and how to mitigate using a WAF.
Mohammed Osman
Nov 11, 2022 · 7 min read


OpenSSL Vulnerability November 2022 (CVE-2022-3786 and CVE-2022-3602)
open-appsec deployment package does not bring OpenSSL. The library installed during deployment is version 1.1.1, which is not vulnerable.
Editorial
Oct 31, 2022 · 1 min read


Open-source code is now published for open-appsec Machine Learning-based WAF
Pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks for Kubernetes Ingress, NGINX, Envoy and API Gateways
Roy Barda
Oct 26, 2022 · 3 min read


open-appsec/CloudGuard AppSec preemptive protection for text4shell zero-day attack (CVE-2022-42889)
open-appsec ML-based WAF provides out-of-the-box protection against the latest "text4shell" vulnerability (CVE-2022-42889)
Christopher Lutat
Oct 18, 2022 · 3 min read


17 hours to react to zero-day threats -- good enough? A perspective on Forrester’s WAF Vendors Wave
In today's environment of tested and proven ML, there is no reason to accept low expectations for protection.
Oded Gonda
Sep 30, 2022 · 5 min read


Zero day attack prevention
A deep look at zero-day exploits and whether it is possible to avoid being the victim of one.
Thinus Swart
Sep 18, 2022 · 8 min read


Hello, world! About open-appsec beta.
Open-source has enabled the tech industry to creatively use, build, connect and innovate. Can you imagine a modern tech stack without...
Oded Gonda
Aug 25, 2022 · 2 min read