We changed our name from IT Central Station: Here's why
2021-10-31T05:08:00Z

Which open-source WAF would you recommend for a large company?


Hello,

Would you recommend using an open-source WAF for a large company? If so, which one and why?

Thanks.

ITCS user
Guest
22 Answers

author avatar
User

I do NOT have a simple answer. 


However, we have to start looking at the OSI Model. WAF only satisfies some but not all OSI layers. 

I would list out the requirements, prior to asking this question. With the requirements in place, there are open-source packages that would satisfy most of your requirements (there is NOT one Hat that fits all)

I am using NGINX as an internal WAF. In a normal mode, the internal traffic is a lot less malicious than from the public network.

2021-11-01T13:51:15Z
author avatar
Community Manager

Hi @Manjil Bhetwal, @Etienne WEHRLE, @Vipin Garg ​and @Enayat Galsulkar,


Possibly, you have some recommendations for the community. 


Thanks in advance.

2021-11-01T03:18:48Z
Find out what your peers are saying about SonarSource, Veracode, Sonatype and others in Application Security. Updated: January 2022.
563,208 professionals have used our research since 2012.