Open-Awesome

open-appsec

Apache-2.0 · C++ · 1.1.34

A machine learning security engine that preemptively prevents web app and API threats using supervised and unsupervised models.

1.6k stars · 124 forks · 0 contributors

What is open-appsec?

open-appsec is an open-source machine learning security engine that preemptively protects web applications and APIs from threats like OWASP Top-10 attacks and zero-day exploits. It uses a dual-model approach, combining a globally trained supervised model with an unsupervised model that adapts to your specific environment, analyzing HTTP requests in real time to block malicious traffic before it causes harm.

Target Audience

DevOps engineers, security teams, and developers deploying web applications or APIs in Linux, Docker, or Kubernetes environments who need proactive, adaptive threat protection without relying solely on traditional signature-based methods.

Value Proposition

Developers choose open-appsec for its machine learning-driven approach that reduces false positives, prevents zero-day attacks, and integrates seamlessly with popular proxies and orchestration tools, offering a modern alternative to conventional web application firewalls.

Overview

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against web applications and APIs. This repo includes the main code and logic.

Use Cases

Best For

  • Protecting web applications from OWASP Top-10 threats like SQL injection and XSS
  • Preventing zero-day attacks with machine learning-based anomaly detection
  • Securing APIs in microservices architectures deployed on Kubernetes
  • Adding adaptive security layers to NGINX, Kong, or Envoy proxies
  • Self-hosting a WAF alternative with real-time traffic learning
  • Enhancing DevSecOps pipelines with declarative security configurations

Not Ideal For

  • Environments requiring manual, rule-based WAF configurations for compliance audits
  • Teams using web servers not supported by open-appsec, such as Apache without NGINX
  • Applications with very low traffic that won't sufficiently train the unsupervised model
  • Projects needing out-of-the-box security without additional model downloads

Pros & Cons

Pros

Dual ML Models

Combines a globally trained supervised model with an environment-specific unsupervised model to detect both known attacks and zero-day threats effectively.

Flexible Deployment

Supports integration with NGINX, Kong, APISIX, or Envoy on Linux, Docker, or Kubernetes, offering versatile setup options for different infrastructures.

Real-Time Payload Inspection

Decodes and analyzes all HTTP request parts, including JSON and XML, to apply security measures before requests reach the application.

Proactive Threat Prevention

Uses machine learning to preemptively block OWASP Top-10 and zero-day attacks, reducing reliance on signature updates.

Cons

External Model Dependency

The advanced ML model, crucial for production, must be downloaded separately from the open-appsec portal, creating an external dependency and potential update delays.

Complex Initial Setup

Installation involves multiple steps, dependencies, and integration with proxies, which can be cumbersome and time-consuming for new users.

Limited Proxy Support

Only compatible with specific proxies like NGINX, Kong, APISIX, and Envoy; unsupported web servers require workarounds or alternatives.

Quick Stats

  • Stars: 1,633
  • Forks: 124
  • Contributors: 0
  • Open Issues: 27
  • Last commit: 13 days ago
  • Created: Since 2022

Tags

#owasp-top-10 #self-hosted-security #kubernetes #devsecops #security-tools #web-application-security #nginx #web-application-firewall #appsec #application-security #rate-limiting #machine-learning #cloud-native #api-security

Built With

  • Envoy
  • Kubernetes
  • Golang
  • Docker
  • Redis
  • Nginx
  • C++

Included in

Security · 14.2k

Related Projects

BunkerWeb

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

  • Stars: 10,593
  • Forks: 616
  • Last commit: 3 days ago

NAXSI

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

  • Stars: 4,818
  • Forks: 598
  • Last commit: 2 years ago

ModSecurity

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control

  • Stars: 0
  • Forks: 0
  • Last commit