Blogs

How IT Creation, Netherlands transitioned from ModSecurity WAF to a machine-learning based open source WAF.

Gamification and metaphors can make AI's learning journey more transparent and relatable, explained on an open-source ML-based WAF

In this blog we describe how to secure MicroK8s Kubernetes cluster on an Ubuntu machine, using open-appsec based on NGINX ingress controller

ModSecurity will reach “End of Life“ by 31.3.2024. This blog explains how open-appsec can offer an open-source, free, ML-based alternative

In this blog we explain how to protect GraphQL applications effectively without any change to the protected application, using open-appsec.

On Monday August 28th, 2023 at 9:31 GMT open-appsec team was notified by email about a potential issue with the Web Portal Events view...

We conducted an experiment developing in two methods: traditional vs. ChatGPT. We share the process and what we learned.

Which WAF delivers the best Security and Detection Quality? We tested AWS, Azure, CloudFlare, F5 NGINX, ModSec, open-appsec / CloudGuard.

In this article, we will present how open-appsec's capabilities can help address each of the OWASP-Top-10 risks.

To explain the inner mechanics of open-appsec’s contextual ML engine, we created a video session, led by open-appsec PM, Christopher Lutat

In this blog we explain how to deploy open-appsec in SWAG version 2.5.0 in different options for self-compilation per OS and version.

In this article you will learn how to easily migrate or connect an existing local open-appsec deployment to the WebUI management portal.

This new integration allows open-appsec to connect to the CrowdSec local API to consume the CrowdSec Threat Intelligence.

In this blog we describe how we used the open-appsec engine’s Schema Validation capability to protect our own APIs.

The report evaluates and rates vendors based on a set of key criteria, including security capabilities, ease of use, and overall value.

open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.

Modern SQLi evasion techniques evolve day by day raising the question of whether traditional WAF systems are able to handle this challenge.

Article explains how open-appsec ML-based engine allow pre-emptive protection against zero-days and how to configure it.

Claroty developed a bypass for WAF products. The attack involves appending JSON syntax to SQL injection. Many leading WAFs were vulnerable.

This articles compares NGINX App Protect signature-based WAF and open-appsec free open-source ML-based WAF.