open-source machine learning based WAF for Kubernetes Ingress, NGINX, Envoy and API Gateways
What is open-appsec?
open-appsec (openappsec.io) in an open-source initiative that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks.
It can be deployed as add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways.
The open-appsec engine learns how users normally interact with your web application. It then uses this information to automatically detect requests that fall outside of normal operations, and sends those requests for further analysis to decide whether the request is malicious or not.
open-appsec uses two machine learning models:
A supervised model that was trained offline based on millions of requests, both malicious and benign.
An unsupervised model that is being built in real time in the protected environment. This model uses traffic patterns specific to the environment.
open-oppsec simplifies maintenance as there is no threat signature upkeep and exception handling, like common in many WAF solutions.
- 129 Stars
- 10 Forks
- 2 Open Issues
- Web Application Security
Recent user activities on open-appsec
- bilbogh added open-appsecbi
- bilbogh added open-appsec as alternative(s) to Prophaze Cloud WAF
- bilbogh added open-appsec as alternative(s) to ModSecurity
Comments and Reviews Post a comment/review