2019 Top Ten Open Source Web Application Firewalls Reviewed


With the explosive growth of web applications and the spread of HTTPS encryption, application-layer attacks such as SQL injection, cross-site scripting, parameter tampering, application platform exploits and denial of service are becoming more and more common, and traditional firewalls cannot detect them. Deploying a web application firewall (WAF) is therefore very important for a web site. There are many commercial products in this area and no shortage of open-source ones; after a lot of searching, we have sorted out the 2019 top ten free open-source products for the reference of the experts.

 

1. ModSecurity

ModSecurity began as an Apache security module and later developed into an open-source, cross-platform web application firewall. It can inspect the data the web server receives and the data it sends in order to secure the site.

On top of that, the well-known security community OWASP develops and maintains a free set of application protection rules, the OWASP ModSecurity Core Rule Set (CRS), covering dozens of common web attacks such as SQL injection, XSS (cross-site scripting) and DoS.

It now also supports Nginx and IIS; combined with Nginx's flexibility and efficiency it can serve as a production-grade WAF. It is a tool for protecting and auditing web security, and many commercial WAFs are derived from it.

Project address: https://github.com/SpiderLabs/ModSecurity

 

2. hihttps

hihttps is a rare complete-source, high-performance SSL web application firewall (SSL WAF). It uses epoll mode to support high concurrency and is compatible with ModSecurity regular-expression rules. It is characterised by simplicity, efficiency and practicality, and is well worth collecting for beginners.

hihttps is simple, but its protective functions are wide-ranging: vulnerability scanning, CC and DDoS, brute force, SQL injection, XSS attacks and anti-crawler protection, as well as a precise black and white list mechanism for the site's files to block attacks.

Project address: https://github.com/qq4108863/hihttps

 

3. OpenWAF

OpenWAF analyses HTTP request information on top of the Nginx Lua API. Its engine consists of two parts, a behaviour analysis engine and a rules engine: the rules engine analyses a single request, while the behaviour analysis engine is responsible for tracking information across requests.

The engine draws on ModSecurity and FreeWAF (lua-resty-waf), implementing the ModSecurity rule mechanism in Lua.

The rule-based engine covers protocol compliance, automated tools, injection attacks, cross-site attacks, information leaks and abnormal requests, and supports adding rules dynamically so that vulnerabilities can be patched promptly. The disadvantage is its complexity; it is not suitable for developers who are unfamiliar with Nginx and the Lua language.

Project address: https://github.com/titansec/OpenWAF

 

4. FreeWAF

FreeWAF is an open-source web application firewall product. It works at the application layer and performs bidirectional deep inspection of HTTP: it protects against attacks from the Internet in real time, preventing hackers from using application-layer vulnerabilities to illegally obtain or destroy site data, and can effectively resist various hacker attacks such as SQL injection, XSS, CSRF, buffer overflows and application-layer DoS/DDoS attacks. At the same time it filters the server-side response in real time for web error messages and unwanted malicious content, preventing leaks of sensitive information and ensuring the reliability of the information on the site. However, the project has not been updated for a long time.


5. ESAPI WAF

This is the WAF provided by the OWASP ESAPI open-source project. It is implemented on J2EE and is driven mainly by XML configuration. When installed, the ESAPI WebApplicationFirewallFilter is configured as a filter in web.xml, processing input before it reaches the application and output after the application has produced it.

 

6. unixhot

unixhot is a custom WAF implemented with Nginx + Lua. Described in one sentence: it parses the HTTP request (protocol analysis module), matches detection rules (rule module), takes the corresponding defensive action (action module), and records the defence process (log module). Very simple.

Project address: https://github.com/unixhot/waf
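The four-module flow just described, as an added illustration that is not unixhot's own code (unixhot is Lua running inside Nginx): a minimal Python version with a protocol-analysis step, a rule table, an allow/block action and a JSON log record per decision, plus a client-IP whitelist of the kind hihttps mentions. The rule patterns, whitelist address and sample requests are all constructed for this example and are not a production rule set.

```python
import json
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed rule table for the "rule module": (id, description, pattern). Illustrative only.
RULES = [
    ("1001", "SQL injection", re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+\d+\s*=\s*\d+|--\s*$")),
    ("1002", "Cross-site scripting", re.compile(r"(?i)<\s*script|javascript:|\bon\w+\s*=")),
    ("1003", "Path traversal", re.compile(r"\.\./|\.\.\\")),
]
WHITELIST = {"10.0.0.5"}  # constructed: trusted client IPs skip rule matching
LOG = []                  # "log module": one JSON record per decision

def parse_request(raw):
    """Protocol analysis module: split a raw HTTP/1.1 request into inspectable fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _ = lines[0].split(" ", 2)
    headers = dict(h.split(": ", 1) for h in lines[1:] if ": " in h)
    url = urlsplit(target)
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    if headers.get("Content-Type", "") == "application/x-www-form-urlencoded":
        params.update(parse_qsl(body, keep_blank_values=True))
    return {"path": unquote_plus(url.path), "params": params, "client_ip": headers.get("X-Real-IP", "")}

def match_rules(req):
    """Rule module: return (rule id, description, field) for the first hit, else None."""
    fields = [("path", req["path"])] + [("arg:" + k, v) for k, v in req["params"].items()]
    for rule_id, desc, pattern in RULES:
        for name, value in fields:
            if pattern.search(unquote_plus(value)):  # decode again to catch double encoding
                return rule_id, desc, name
    return None

def inspect(raw):
    """Action + log modules: decide ALLOW or BLOCK for one request and record why."""
    req = parse_request(raw)
    hit = None if req["client_ip"] in WHITELIST else match_rules(req)
    decision = "BLOCK" if hit else "ALLOW"
    LOG.append(json.dumps({"ip": req["client_ip"], "path": req["path"], "decision": decision,
                           "rule": hit[0] if hit else None, "field": hit[2] if hit else None}))
    return decision

# Constructed sample requests (RFC 5737 documentation addresses).
SAMPLES = {
    "sqli": "GET /search?q=1'+or+1=1 HTTP/1.1\r\nHost: shop.example\r\nX-Real-IP: 203.0.113.9\r\n\r\n",
    "login": "POST /login HTTP/1.1\r\nX-Real-IP: 198.51.100.7\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nuser=alice&pw=s3cret",
    "xss_trusted": "GET /?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\nX-Real-IP: 10.0.0.5\r\n\r\n",
}
```

Calling `inspect()` on each entry of `SAMPLES` blocks the query-string probe, allows the ordinary login and allows the whitelisted client even though its parameter would otherwise match rule 1002.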

 

7. Java WAF

WAFs developed in Java are few; we found one developed in Java as an API gateway. Because this WAF is built on top of the open-source proxy LittleProxy, its underlying layer uses Netty. Supported functions include a security interceptor, various kinds of parsing and detection, scripting (sandbox), flow control / CC protection and so on. Good news for Java lovers who do not want C.

Project address: https://github.com/chengdedeng/waf

 

8. Naxsi

Naxsi is an Nginx-based firewall module with its own rule definitions, and it advocates a small number of rules. The project is written in C; you need to know the Nginx source code to understand it.

Project address: https://github.com/nbs-system/naxsi

 

9. X-WAF

X-WAF is a cloud WAF system suited to small and medium enterprises, allowing them to easily have their own free cloud WAF. The core is developed on OpenResty + Lua; the WAF management backend is developed with Golang + xorm + macrom, and deployment in binary form is supported.

Project address: https://github.com/xsec-lab/x-waf

 

10. VeryNginx

VeryNginx is developed on lua_Nginx_module (OpenResty) and implements an advanced firewall, access statistics and some other features. It integrates into the operation of Nginx, extends Nginx's own functionality, and provides a friendly web interface.

Project address: https://github.com/alexazhou/VeryNginx/

 

Evaluation:

1. Current commercial firewalls are basically stereotyped Nginx modules, many of them secondary development on OpenResty; products with truly complete source code are rare, and hihttps counts as one.

2. C is the preferred language for firewall software, mainly because C combines natively with the system and the underlying layers for speed, its compiled output reveals little, and it supports high concurrent requests, among other advantages.

3. HTTPS encryption is the trend; traditional plaintext HTTP sites will soon be phased out, so SSL-based web application firewalls are the future focus.

4. The biggest future trend in web application firewalls is artificial intelligence, accurately judging unknown vulnerabilities and unknown attacks. In general, against the background of the country attaching great importance to network security, the industry still has plenty of room for development.


Source: www.cnblogs.com/hihttps/p/11572773.html