Would you recommend using an open-source WAF for a large company? If so, which one and why?
I do NOT have a simple answer.
However, we have to start looking at the OSI Model. A WAF only satisfies some, but not all, OSI layers.
I would list out the requirements prior to asking this question. With the requirements in place, there are open-source packages that would satisfy most of your requirements (there is NOT one hat that fits all).
I am using NGINX as an internal WAF. In a normal mode, the internal traffic is a lot less malicious than from the public network.
Hi @Manjil Bhetwal, @Etienne WEHRLE, @Vipin Garg and @Enayat Galsulkar,
Possibly, you have some recommendations for the community.
Thanks in advance.