Security Practices

open-appsec provides two Security Best Practices that can be easily activated in Detect/Learn mode or Prevent Mode: Web Application Protection and Web API Protection.

The practices use multiple security engines to analyze HTTP web requests and to deliver an accurate verdict on whether a request is malicious or benign. The engines protect applications and APIs against unknown and advanced web attacks, validate the input of APIs, distinguish humans from bots, and protect against the industry's well-known attacks and CVEs.

open-appsec Security Practices

  • Web Application Protection Practice

    • Contextual Machine Learning-based WAF

    • Anti-Bot Protection

    • Intrusion Prevention

  • Web API Protection Practice

    • Machine Learning-based WAF that looks for malicious payloads inside API requests

    • Schema Validation module that ensures API requests adhere to the API schema (Premium Edition only)

    • Intrusion Prevention

Security Engines

Contextual Machine Learning-based WAF: Prevent OWASP Top 10 and Advanced Attacks

This patented engine protects against advanced and zero-day web attacks. It executes a three-stage HTTP web request analysis and delivers an accurate verdict. It uses Contextual Machine Learning to identify whether a web request is malicious or benign and provides:

  1. A significantly lower false-positive rate than a traditional WAF (in a traditional WAF, decisions are based mainly on matches to signatures).

  2. Zero-day protection, by blocking attack scenarios that a signature-only approach does not block. For example, Log4Shell and Spring4Shell were blocked by open-appsec ML technology preemptively, without any software update.

  3. Reduced administration time, because it is not constantly necessary to tune the engine, create exceptions, disable signatures, and so on.

Learn more about the Contextual Machine Learning engines in the next section of this documentation.

API Security: Validate Schema and Prevent Attacks

Frequently, software developers do not include verification of API input in their code.

The open-appsec API security component provides two protection models: positive and negative. Administrators can enable either one of them or both.

  • The positive model delivers preemptive protection against possible API vulnerabilities through a schema validation procedure.

    API schemas in OpenAPI format (the format used by Swagger) are uploaded to open-appsec.

    Incoming API requests are validated against these schemas to block all invalid API requests (Premium edition only).

open-appsec supports OpenAPI Schemas V3 and above.

  • The negative model uses the WAF and automatically detects and blocks malicious payloads in the API (included in all editions).
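To make the positive model concrete, here is an added Python example (not open-appsec's own code or engine) that validates an incoming JSON request against an embedded OpenAPI 3 fragment. The endpoint `/api/v1/users`, its schema, and the sample requests are all constructed for illustration; the validator covers only the subset of JSON Schema keywords used in the fragment (type, required, properties, additionalProperties, maxLength, minimum, maximum, items). It shows why a positive model rejects requests a negative model would pass: an extra, undeclared property or a wrong type carries no attack signature, yet it never matches the schema.

```python
"""Positive-model API validation sketch (added example, not open-appsec code)."""
import json
from typing import Any

# Constructed OpenAPI 3 fragment describing a single endpoint.
OPENAPI_DOC = {
    "openapi": "3.0.3",
    "paths": {
        "/api/v1/users": {
            "post": {
                "requestBody": {
                    "required": True,
                    "content": {
                        "application/json": {
                            "schema": {
                                "type": "object",
                                "required": ["username", "email"],
                                "additionalProperties": False,
                                "properties": {
                                    "username": {"type": "string", "maxLength": 32},
                                    "email": {"type": "string", "maxLength": 254},
                                    "age": {"type": "integer", "minimum": 0, "maximum": 150},
                                },
                            }
                        }
                    },
                }
            }
        }
    },
}

_TYPES = {"string": str, "integer": int, "number": (int, float),
          "boolean": bool, "object": dict, "array": list}


def validate_value(value: Any, schema: dict, path: str = "body") -> list:
    """Return a list of violations of `schema` by `value` (empty list = valid)."""
    errors = []
    expected = schema.get("type")
    if expected:
        # bool is a subclass of int in Python, so reject it explicitly for numbers
        if isinstance(value, bool) and expected in ("integer", "number"):
            return [f"{path}: expected {expected}, got boolean"]
        if not isinstance(value, _TYPES[expected]):
            return [f"{path}: expected {expected}, got {type(value).__name__}"]
    if expected == "string" and "maxLength" in schema and len(value) > schema["maxLength"]:
        errors.append(f"{path}: longer than {schema['maxLength']} characters")
    if expected in ("integer", "number"):
        if "minimum" in schema and value < schema["minimum"]:
            errors.append(f"{path}: below minimum {schema['minimum']}")
        if "maximum" in schema and value > schema["maximum"]:
            errors.append(f"{path}: above maximum {schema['maximum']}")
    if expected == "object":
        props = schema.get("properties", {})
        for req in schema.get("required", []):
            if req not in value:
                errors.append(f"{path}: missing required property '{req}'")
        for key, sub in value.items():
            if key in props:
                errors.extend(validate_value(sub, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                # Undeclared fields are rejected: the schema is the allow-list.
                errors.append(f"{path}: unexpected property '{key}'")
    if expected == "array" and "items" in schema:
        for i, item in enumerate(value):
            errors.extend(validate_value(item, schema["items"], f"{path}[{i}]"))
    return errors


def validate_request(doc: dict, method: str, path: str, content_type: str, body):
    """Positive-model check for one request. Returns (allowed, reasons).

    Unknown operations, disallowed content types, unparsable bodies and
    schema violations are all rejected; nothing here looks for attack patterns.
    """
    op = doc["paths"].get(path, {}).get(method.lower())
    if op is None:
        return False, [f"no operation defined for {method.upper()} {path}"]
    rb = op.get("requestBody")
    if rb is None:
        return (True, []) if body is None else (False, ["operation takes no request body"])
    if body is None:
        return (False, ["request body required"]) if rb.get("required") else (True, [])
    media = rb["content"].get(content_type)
    if media is None:
        return False, [f"content type '{content_type}' not allowed"]
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError as exc:
        return False, [f"body is not valid JSON: {exc.msg}"]
    errors = validate_value(parsed, media["schema"])
    return (not errors), errors


if __name__ == "__main__":
    # Constructed sample requests: one conforming, two that the schema rejects.
    samples = [
        '{"username": "alice", "email": "alice@example.com"}',
        '{"username": "alice", "email": "alice@example.com", "role": "admin"}',
        '{"username": 42, "email": "x"}',
    ]
    for body in samples:
        print(validate_request(OPENAPI_DOC, "POST", "/api/v1/users", "application/json", body))
```

In a real deployment the engine, not the application, enforces this, so the check also protects services whose developers never validated input themselves, which is the gap the section opens with.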

Anti-Bot Protection: Distinguish Humans from Bots

The open-appsec Anti-Bot Protection component (Premium edition only) performs a three-step procedure:

  1. Inject scripts into web application pages, such as login pages.

  2. Collect data about input patterns and analyze keystroke sequences, mouse movements, and finger touches.

    Bots do not use such patterns. If a bot artificially creates such patterns, open-appsec identifies them.

  3. Decide whether the input was entered by a human or by an automatic script (such as a bot), and block the latter.

Intrusion Prevention (IPS) for HTTP/S

In addition to the Contextual Machine Learning-based engine, open-appsec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). One benefit of these signatures is that the resulting logs indicate the specific CVE number.

File Security - Early Availability

Files uploaded to the web server may contain malicious content. CloudGuard AppSec's File Security contains several engines that detect such malicious files.

Custom Signatures (Snort Engine) - Early Availability

Admins can also add signatures in Snort format, and they will be enforced by the open-appsec Security Engines.
