Security Practices

open-appsec provides security Practices that can be easily activated in Detect/Learn mode or Prevent Mode.

The practices use multiple security engines to analyze HTTP web requests and to deliver accurate verdict whether the request is malicious or benign. The engines protect applications and APIs against unknown and advanced web attacks, validate the input of APIs, distinguish humans from bots and protects against industry's well known attacks and CVEs.

open-appsec Security Practices

Web Attacks Protection Practice
- Contextual Machine Learning based-WAF
- Snort Signatures
- Intrusion Prevention (Premium Edition only)
- File Security (Premium Edition only)
API Protection Practice
- Schema Validation module ensure that API requests adhere to API schema (Premium Edition only)
Anti Bot
- Anti-Bot Protection (Premium Edition only)
Rate Limit

Security Engines

Contextual Machine Learning-based WAF: Prevent OWASP Top 10 and Advanced Attacks

Significantly reduced false-positive rate than traditional WAF (in traditional WAF decisions are mainly based on matches to signatures).
Provides zero-day protection by blocking different attack scenarios that are not blocked with a signature-only approach. For example, Log4Shell and Spring4Shell were blocked by open-appsec ML technology preemptively, without any software update.
Reduction in administration time because it is not constantly necessary to tune the engine, create exceptions, disable signatures, and more.

API Security: Validate Schema and Prevent Attacks

Frequently, software developers do not include verification of API input in their code.

The open-appsec API security component provides two protection models: positive and negative. Administrators can enable one of them, or the two of them.

The positive model delivers preemptive protection for possible API vulnerabilities through a schema validation procedure.
API schemas in OpenAPI (such as used in "Swagger") are uploaded to open-appsec.
Incoming API requests are validated against these schemas to block all invalid API requests (Premium edition only).

open-appsec supports OpenAPI Schemas V3 and above.

The negative model uses the WAF and automatically detects and blocks malicious payloads in the API (included in all editions).

Anti-Bot Protection: Distinguish Humans from Bots

appsec-open Anti-Bot protection component (Premium edition only) performs a three-step procedure:

Inject scripts into web application pages, such as login pages.
Collect data about input patterns and canalize key stroke sequences, mouse moves, and finger touches.
Bots do not use such patterns. If a bot artificially creates such patterns, open-appsec identifies them.
Make a decision if the input is entered by a human or by an automatic script (such as a bot), and block this activity.

Intrusion Prevention (IPS) for HTTP/S

In addition to the Contextual Machine-Learning based engine, open-appsec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). One of the benefit of these signatures is the ability to see logs that indicate specific CVE number.

File Security

Files being uploaded to the web server may contain malicious content. CloudGuard AppSec's File security contains several engines that allow detection of those malicious files.

Custom Signatures (Snort Engine)

Admins can add also signatures in Snort format and they will be enforced by open-appsec Security Engines.

Rate Limit

open-appsec agents can limit the number of requests to a matched URI within a configured time scope, according to the source identifier.

PreviousManagement & Automation NextContextual Machine Learning

Last updated 2 months ago

Was this helpful?