Published 3 years ago by open-appsec

Web App & API Security 1 - ModSecurity and WAF vendors

In this series of videos we will talk about Web App & API Protection history, technology, requirements, challenges and solutions. We will make it short and informed. Please subscribe.

Part 1 - open source WAF history and WAF vendors and opportunities:

Open-source technology has enabled the tech industry to creatively use, build, connect and innovate. Can you imagine a modern tech stack without open-source projects like Linux, Kubernetes, Kafka, Python, ElasticSearch, NGINX, Redis and numerous others?

In November 2002, Ivan Ristić, an English engineer, released a module for monitoring application traffic for Apache HTTP Server, known as ModSecurity. A few years later, the module was released under an open-source license and, together with the OWASP Core Rule Set (a set of signatures for detecting web exploits), became the cornerstone of the entire WAF industry. Twenty years later, many vendors including Imperva, AWS, Microsoft, Akamai, F5 NGINX and others are still providing WAF products based on ModSecurity concepts, signatures and even code.

In the next parts of this series, we will talk about the opportunity to modernize the 20-year-old approach of protecting Web Apps & APIs, to address today's fast-evolving attack landscape and DevOps needs, while keeping the benefits of open source.