top of page
Hen Eliyahu
Sep 167 min read

How to Deploy a WAF with Confidence - Learn to Deploy open-appsec Using Virtual Hands-On Labs

Overview

Virtual hands-on labs or playgrounds today are playing a crucial role in the learning process of deploying a new product or software. They are designed to simulate real-world scenarios so potential users can learn about a new solution in a safe environment. In cyber security space, these interactive simulated environments are offering many organizations and security teams the opportunity to gain practical experience and familiarize themselves with the deployment process of a particular security solution, before fully deploying it in their own “real-world“ environment.


As the rate of global cyberattacks has risen by 38% in 2022, many businesses and organizations are in need to take action and mitigate these risks to protect their assets from cyber threats. In the web application and API security space precisely, adding a new WAF to protect your assets is a crucial decision and it’s important to do it with confidence that the solution you have chosen is indeed the ideal fit for your organization’s needs and can provide you with the best possible security against known and unknown web attacks. Preferably, you would rather do it after you/your security team had the opportunity to learn how to deploy it successfully and ensure its protection.


open-appsec, an open-source Web Application & API Security solution, offers many virtual hands-on labs where potential users can learn how to deploy it on various platforms, experience hands-on a web application attack, and learn how to prevent it. All without installing anything in your environment.

 

In this blog, we will describe the benefits of practicing your WAF deployment before installing an agent in your actual environment, and present you with open-appsec’s playground options.

open-appsec

open-appsec is an open-source Web Application & API Security solution, which provides automatic and preemptive security using machine learning. The code is also available on GitHub. open-appsec has repeatedly proven to protect against zero-days, OWASP-Top-10, and other attacks using contextual machine learning instead of traditional signatures.

 

As signatures for new attacks by design can only be created after new attacks have been published, a WAF solution that relies solely on signatures will never protect preemptively (in advance) against zero-day attacks. This is especially important, as a vulnerability usually exists for a long time within the affected code of a software or a library, before the first public disclosure of a corresponding CVE record describing it. For this reason, open-appsec does not rely on signatures at all so it can provide true preemptive zero-day protection.

 

In addition, open-appsec reduces the administrative effort as well as the amount of false positives significantly, while providing stronger protection even for unknown attacks. open-appsec supports all typical deployment platforms like VMs, Kubernetes, and Docker and integrates with NGINX, Kong, and other web proxies and K8s ingress controllers.


The benefits of learning how to deploy your WAF through virtual labs before installing


Practicing hands-on before installing a WAF can have many benefits:


  • Gaining practical experience: Virtual hands-on labs provide potential users with a simulated environment where they can actively engage with the WAF deployment process in accordance with the platform they are using – Kubernetes, Linux, Docker, etc. Instead of relying solely on theoretical knowledge before deploying a new WAF solution, the security team and DevSecOps engineers can practice deploying the solution step-by-step, while gaining valuable hands-on experience. This practical learning approach enhances the user’s understanding of how the solution is deployed, performs, and integrates with other related solutions.

  • Risk-free learning environment: Deploying a WAF solution in a real-world scenario can carry risks, especially if mistakes are made during the process. Deploying an underperforming web app security solution can result in compromising sensitive information and can allow unauthorized access to your assets. It can lead to data breaches, data theft, and malicious attacks, which can result in significant financial losses and damage your organization's reputation. Virtual labs eliminate these risks by offering a safe and controlled environment for users to experiment and learn from their errors without any negative consequences. Users can try different configurations, troubleshoot issues, and explore various scenarios without impacting live systems.


    In this aspect, it’s important to mention that on top of open-appsec’s Playground scenarios, its actual deployment process allows users to set it on ‘Learn/Detect’ mode whenever a new asset is added. This mode allows open-appsec’s contextual machine learning engine to learn from actual HTTP requests how the web application is used, without blocking any of them, in order to improve its accuracy. This learning process is reflected within open-appsec web UI management portal so you can always know which learning level you are in and decide when to switch to ’Prevent’ mode. You can learn more about that aspect here.


  • Time and Cost Efficiency: Traditional methods of learning often require physical resources, such as hardware and software installations, which can be time-consuming and expensive. Virtual hands-on labs eliminate these constraints by providing users with a virtualized environment where they can practice product deployment. This saves time and reduces costs associated with acquiring and maintaining additional resources.

  • Scalability and Accessibility: Virtual labs can accommodate a large number of users simultaneously, regardless of their geographic location. This scalability allows organizations to provide hands-on training to a larger audience without the need for physical infrastructure. Users can access virtual labs from anywhere, at the most convenient time for them, providing them with greater flexibility and accessibility.

  • Realistic Simulations: Virtual labs aim to replicate real-world deployment scenarios as closely as possible. open-appsec virtual labs simulate the actual WAF deployment and its integrations, its infrastructure, and the tools that users would encounter in a live deployment. This realistic environment helps users develop a deeper understanding of the product and its deployment requirements, preparing them for real-world challenges.

  • Continuous Learning and Iteration: Virtual labs can be updated easily to reflect the latest product versions or deployment practices and options. Accordingly, open-appsec offers new Playground options for new deployment options. As the product further progresses, the hands-on lab progresses with it and offers to practice every new deployment option in a simulated environment. Users can stay up-to-date with the evolving technology landscape, ensuring their knowledge remains relevant. Additionally, virtual labs allow for iterative learning, enabling users to repeat and refine the deployment process until they achieve the desired outcomes.

 

open-appsec Playground options:


open-appsec Playgrounds currently offers several virtual hands-on lab environments, while we are working on more to be added shortly. These are instantly available scenarios that simulate various deployment options for your convenience, e.g., a Kubernetes cluster or a VM for open-appsec deployment ready at the tip of your fingers. Walking through each of these Playground options will take just a few minutes.

The demo allows you to:

  • Attack a web application or an API using an SQL injection.

  • Deploy a demo open-appsec agent to protect the web application or the API.

  • Attack the application again to see that open-appsec’s protection is effective.

  • Connect your demo agent to open-appsec Web-Based Management portal (SaaS), to illustrate how attacks are visualized and tracked in the management portal.


Kubernetes Ingress Playground: 

This scenario will teach you how to protect Web applications & APIs by adding open-appsec to a Kubernetes NGINX Ingress Controller.



Linux NGINX Playground: 

This scenario will teach you how to protect Web applications & APIs by adding open-appsec to NGINX running on a Linux server.



Kubernetes Kong Playground:

Kong Gateway is a cloud-native, scalable open-source API gateway and microservices management platform. It can be used to handle traffic management, authentication, and authorization for microservices. open-appsec can be deployed as an API security and zero-day attack protection for Kong Gateway. This scenario will teach you how to protect Web Applications & APIs running in Kubernetes cluster by deploying a Kong Gateway with open-appsec.


Linux Kong Playground:

This scenario will teach you how to protect Web Applications & APIs running in Linux by deploying a Kong Gateway with open-appsec.



Kubernetes CrowdSec Playground:

This scenario will teach you how to protect Web applications & APIs in Kubernetes by adding open-appsec, integrated with CrowdSec Threat Intelligence, to a Kubernetes Ingress Controller. CrowdSec provides a large, open-source, community-fueled collection of Threat Intelligence (IP addresses and networks). This integration allows open-appsec to connect to CrowdSec and consume the CrowdSec Threat Intelligence, preventing traffic from known malicious IPs and networks accessing web applications and APIs which are protected by open-appsec. Here also, we use a demo web application that responds to the attacker’s HTTP GET requests and then protect it with open-appsec integrated with CrowdSec to block malicious sources.



Docker NGINX unified Playground:

This scenario will teach you how to protect Web applications & APIs by deploying NGINX and open-appsec unified on Docker to act as reverse proxy and protect the application.



Docker NGINX Playground:

This scenario will teach you how to protect Web applications & APIs by deploying NGINX on Docker to act as a reverse proxy and deploying open-appsec on Docker to protect the application.



Docker Kong Playground

This scenario will teach you how to protect Web applications & APIs by deploying Kong on Docker to act as an API Gateway and deploying open-appsec on Docker to protect the application.


NGINX Proxy Manager

This Scenario will teach you how to deploy NGINX Proxy Manager using a simple Web UI, and to enable open-appsec using the NGINX Proxy Manager UI as well.


NGINX Proxy Manager managed from open-appsec Web UI Playground

This Scenario will teach you how to deploy NGINX Proxy Manager using a simple Web UI, and to enable open-appsec using the open-appsec Web UI.


__________________________________________________________________________________________

open-appsec is an open-source project that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It simplifies maintenance as there is no threat signature upkeep and exception handling, like common in many WAF solutions.


To learn more about how open-appsec works, see this White Paper and the in-depth Video Tutorial. You can also experiment with deployment in the free Playground.


Comments

Experiment with open-appsec for Linux, Kubernetes or Kong using a free virtual lab

bottom of page