Introduction
Payswiff Technologies offers high-performance products and solutions for payment infrastructure in the Indian digital landscape. It offers SME merchants, banks, and enterprises a platform that includes technology and financial solutions to manage their business, enable growth, and increase footfalls.

In an era where web application security can make or break user trust, organizations often struggle to find a WAF (Web Application Firewall) solution that’s both reliable and flexible. After spending a year deploying and managing Check Point Software’s open-appsec WAF across QA, UAT and PROD environments running NGINX reverse proxy/load balancers on CentOS and RHEL, Payswiff gained firsthand insights into how it stands up against large-scale traffic, integrates with production workflows, and responds to evolving threats.

open-appsec is an open-source next-generation WAF that delivers robust protection for modern web applications and APIs, powered by an advanced machine learning engine and automated policy creation. It prevents both known and unknown attacks without requiring any signatures, unlike traditional WAF solutions, which are built on static signatures and are therefore by design unable to prevent zero-day attacks.
open-appsec integrates seamlessly into modern, cloud-native environments due to its extensive compatibility with common reverse proxy, ingress controller, and API gateway solutions like NGINX, Envoy, Kong, APISIX, Ingress NGINX, and many more.
By starting with a well-structured test environment, refining policies based on actionable logs and feedback, and then phasing into a production environment, organizations can ensure a smooth, successful deployment. The result is a future-proof security posture: one that’s adaptive, automated, and aligned with the speed of modern software delivery. Whether you’re protecting a single web service or a sprawling microservices architecture, open-appsec offers an enterprise-grade WAF that’s ready to confront cyber threats.
Why We Chose open-appsec WAF?
We needed a WAF that could:
Scale to handle large volumes of traffic
Adapt to new threats using machine learning and automated policy creation
Integrate smoothly with our load-balancing layer with minimal or no change
Performance & Scalability
Minimal Latency Impact: Even at high volumes, overhead remains low
High Throughput: Handles scenarios with sudden traffic spikes
Machine Learning in Action
Adaptive Protection: As the traffic patterns changed (new endpoints, new parameters), the WAF’s ML engine automatically refined policies. This reduced the maintenance burden on our security team.
Low False Positives: At the beginning, we encountered a handful of false positives mostly on new API endpoints. However, after initial tuning and letting the WAF observe more real-world traffic, these dropped significantly.
Flexible Deployment
Cloud, Containers, On-Prem: It can be integrated into existing infrastructures whether you’re running Kubernetes clusters, hybrid cloud deployments, or traditional on-prem servers.
Coverage for OWASP-Top-10 & Beyond
Comprehensive Rule Sets: Out-of-the-box, open-appsec provides coverage for common vulnerabilities like SQL injection, cross-site scripting, and more.
Zero-Day Capabilities: ML-driven insight helps detect new or unknown attack techniques not yet included in static rule sets.
It consistently blocked:
SQL Injection Attempts
Cross-Site Scripting (XSS)
Directory Traversal
Command Injection
Real-Time Blocking & Alerts
Immediate Feedback Loop: Whenever a suspicious request hits the WAF, our security dashboard flags it. This timely insight allows us to investigate potential breaches or malicious traffic.
Automated Alerts: Alerts funnel into our incident response system, ensuring that no critical threat slips through unnoticed.
Observability & Analytics
Comprehensive Dashboards: open-appsec’s built-in dashboard gives a granular view of threat types, source IPs, and blocked requests.
Log Aggregation: We forward logs to our SIEM solution, correlating WAF events with system- and network-level data. This holistic view has proven invaluable during troubleshooting and incident response.
Incident Response & Post-Mortems: If a breach attempt or suspicious incident occurs, use open-appsec’s forensic data to guide root cause analysis and further refine rules.
Open Source & Community-Driven
No Licensing Barriers: Being open-source lowers adoption costs, giving organizations of all sizes access to enterprise-grade security.
Community Contributions: Users can leverage shared best practices, feature requests, and community-driven improvements.
Challenges & Lessons Learned
Initial Learning Period: The WAF required a few weeks or months of traffic observation, depending on request volumes, to establish baselines for normal user behavior. During this phase, setting it to “alert-only” mode prevented accidental blocking of legitimate requests.
Fine-Tuning for Custom Apps: If you run highly customized APIs or microservices, expect some manual rules to refine detection. However, this was significantly less time-consuming.
Final Verdict: One Year Later
After 12 months of continuous, large-scale operation handling 900+ million HTTP requests across all our environments, we’ve found open-appsec WAF integrated with our load-balancers to be:
Highly Scalable: Easily handles large traffic volumes with minimal performance overhead.
Accurate & Adaptive: The ML-driven approach significantly reduces false positives while staying ahead of emerging threats.
Easy to Maintain: Automated policy learning and dev-friendly integrations make it a less burdensome, enterprise-class WAF solution.
In conclusion, open-appsec has proven to be a future-ready, cost-effective solution for those looking to secure modern web applications and APIs.

For organizations seeking a robust WAF that can handle millions of requests without sacrificing speed or developer velocity, open-appsec WAF is a strong contender. Its ML-driven detection, seamless integrations, and community-powered updates make it a standout choice.
open-appsec is an open-source project that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It simplifies maintenance because there is no threat signature upkeep or exception handling, as is common in many WAF solutions.
To learn more about how open-appsec works, see this White Paper and the in-depth Video Tutorial. You can also experiment with deployment in the free Playground.