# What is open-appsec?

open-appsec is an open-source, fully automated Web Application and API Security solution. It is powered by a machine-learning engine that continuously analyzes users' HTTP/S requests as they visit the website or API.

The analysis covers the application structure and how users interact with the content, in order to identify patterns and automatically stop and block malicious requests and bad actors.

open-appsec provides pre-emptive threat protection against OWASP Top 10 and zero-day attacks. Because the detection is based on machine learning, there is no threat-signature upkeep or exception handling of the kind common in many WAF solutions.

It can be deployed as an add-on to many platforms and solutions, e.g.:

* **NGINX**
* **Ingress NGINX**
* **NGINX Proxy Manager**
* **NPMplus**
* **Docker SWAG**
* **Kong API Gateway**
* **Apache APISIX API Gateway**
* **Envoy**
* **Istio Ingress Gateway**

The project GitHub is available [here](https://github.com/openappsec).

## Main features of open-appsec

* **Machine Learning-based Application Firewall** - stops application-layer attacks, including the OWASP Top 10, with minimal tuning and a very low false-positive rate. Pre-emptive protection (no signature updates required) against zero-days such as Log4Shell and Spring4Shell.
* **API Security**
  * stops malicious API access and abuse
  * enforces the API schema (Premium Edition)
* **Bot Prevention** - identifies and stops automated attacks before they hurt the bottom line or the customer experience (Premium Edition)
* **Intrusion Prevention**
  * Full IPS engine with support for custom Snort 3.0 signatures.
  * Protections for over 2,800 web CVEs, based on Check Point's award-winning, NSS-certified IPS (Premium Edition)
* **File Security** - prevents malicious files from being uploaded to web application and API servers. The engine scans HTTP traffic, analyzes any uploaded files and consults a large cloud repository for each file's reputation (Premium Edition)
* **Rate Limiting** - safeguards websites and APIs by capping how many requests can be made within a given period, keyed on identifiers such as the client IP address (Community Edition) or values taken from a JWT, cookie or header (Premium Edition)
* **HTTPS Traffic Inspection** - TLS/SSL certificates and private keys can be stored locally or in a public-cloud secrets store (AWS/Azure)
* **Integration into modern environments** and workloads (public cloud and Kubernetes) and CI/CD workflows, supporting **NGINX Ingress Controller, NGINX, NGINX Proxy Manager, NPMplus, Envoy, Docker SWAG, APISIX and Kong API Gateways, Istio Ingress Gateway** on **Kubernetes, Linux servers and containers (Docker).**
* **Ease of ongoing management and maintenance** – enterprise-grade SaaS Web UI, GraphQL API and Infrastructure-as-Code using Terraform
* **GitOps-CD-ready** - as an alternative to the central Web UI, manage open-appsec locally and declaratively with a local configuration file (Docker/Linux) or CRDs/annotations (Kubernetes)
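The rate-limiting bullet above distinguishes between keying the limit on the client IP address and keying it on a value carried inside the request (a JWT claim, cookie or header). The following is an added, self-contained example of that distinction, written for this page; it is not open-appsec's code and does not show its configuration. The `SlidingWindowLimiter`, `client_ip_key`, `jwt_claim_key` and `make_unsigned_jwt` names, the request dictionaries and the JWTs are all constructed for the illustration. It shows why an IP-keyed cap penalizes unrelated users behind one NAT address, and why a key derived from an unverified JWT can be rotated by an attacker to dodge the cap entirely.

```python
"""Keyed sliding-window rate limiter (illustrative example, not open-appsec code)."""
import base64
import json
import time
from collections import defaultdict, deque


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(payload: dict) -> str:
    """Constructed test fixture: an alg=none JWT with an empty signature segment.
    It exists only so the example runs offline; never accept such tokens in production."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}."


def client_ip_key(request: dict):
    # Key on the TCP peer address. X-Forwarded-For is only trustworthy when the hop in
    # front of this service is a trusted proxy that overwrites it; not assumed here.
    return "ip:" + request["remote_addr"]


def jwt_claim_key(claim: str):
    """Return a key function that extracts `claim` from a Bearer JWT payload.
    The signature is NOT verified here, so the key is attacker-controlled unless a
    component in front of this limiter has already validated the token."""

    def key_fn(request: dict):
        auth = request.get("headers", {}).get("authorization", "")
        if not auth.lower().startswith("bearer "):
            return None
        parts = auth[7:].strip().split(".")
        if len(parts) != 3:
            return None
        payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
        try:
            payload = json.loads(base64.urlsafe_b64decode(payload_b64))
        except ValueError:  # covers binascii.Error and JSONDecodeError
            return None
        value = payload.get(claim)
        return None if value is None else f"jwt:{claim}:{value}"

    return key_fn


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within any `window_seconds` span."""

    def __init__(self, limit: int, window_seconds: float, key_fn, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.key_fn = key_fn
        self.clock = clock  # injectable so the example is deterministic
        self.hits = defaultdict(deque)  # key -> timestamps of recent requests

    def allow(self, request: dict) -> bool:
        key = self.key_fn(request)
        if key is None:
            # No usable identifier: fall back to the IP so unauthenticated traffic is still capped.
            key = client_ip_key(request)
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # evict hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class FakeClock:
    def __init__(self, start: float):
        self.t = start

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo() -> dict:
    clock = FakeClock(1000.0)
    nat_ip = "203.0.113.10"  # two distinct users sharing one egress address
    alice = {"remote_addr": nat_ip, "headers": {"authorization": "Bearer " + make_unsigned_jwt({"sub": "alice"})}}
    bob = {"remote_addr": nat_ip, "headers": {"authorization": "Bearer " + make_unsigned_jwt({"sub": "bob"})}}

    by_ip = SlidingWindowLimiter(3, 60, client_ip_key, clock.now)
    by_sub = SlidingWindowLimiter(3, 60, jwt_claim_key("sub"), clock.now)

    by_ip_results = [by_ip.allow(r) for r in (alice, alice, bob, bob)]    # bob's 2nd hit is the 4th from the IP
    by_sub_results = [by_sub.allow(r) for r in (alice, alice, bob, bob)]  # each sub stays under 3

    clock.advance(61)
    ip_after_window = by_ip.allow(bob)  # old hits evicted once the window has passed

    # Bypass of the unverified-claim key: a single client mints a fresh `sub` per request.
    rotated = [by_sub.allow({"remote_addr": "198.51.100.7",
                             "headers": {"authorization": "Bearer " + make_unsigned_jwt({"sub": f"evil{i}"})}})
               for i in range(10)]
    return {"by_ip": by_ip_results, "by_sub": by_sub_results,
            "ip_after_window": ip_after_window, "rotated_sub_all_allowed": all(rotated)}
```

The takeaway for the Premium-Edition style of keying on JWT, cookie or header values is that the identifier must be bound to something the client cannot freely change: verify the token's signature (or let the gateway do so) before trusting a claim as a rate-limit key, and keep an IP-keyed cap as a floor for requests that carry no valid identifier.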
