NGINX App Protect WAF 101 - Part 1: What Is a Policy?
HTML-код
- Опубликовано: 28 сен 2024
- In Part 1 of the NGINX App Protect WAF 101 Series we discuss “What is a Policy?” In essence, it is the configuration that reflects the protection you want applied to your application and APIs. You can define a specific policy for your application whether it is JSON, XML, gRPC or GraphQL that is appropriate and the amount of security you want to apply to it.
In this demo, we review the out of the box default policy provided by NGINX App Protect WAF as the starting point for your application security. We discuss the supported security features and provide guidance on what to consider prior to tuning your policy.
NGINX App Protect WAF’s policy is a JSON file that allows you to attach a JSON schema file or OpenAPI file that describes your apps or APIs to the JSON policy to help you easily and quickly create a detailed policy without having to build out all the individual positive security rules. Additionally, it works well with security automation tools providing consistency in functionality and assurance of security efficacy once your application goes into production.
docs.nginx.com...
Additional Resources:
Webpage: NGINX App Protect WAF
⬢ bit.ly/41IEYtc
Datasheet: NGINX App Protect WAF
⬢ bit.ly/40sebzX
Blog: Automate Security with NGINX App Protect WAF to Reduce the Cost of Breaches
⬢ www.nginx.com/...
Free Trial: Test Drive NGINX App Protect WAF for 30 Days
⬢ bit.ly/3Ad9WOk
finally I ended up with a comprehensive tutorial on app protect !! thanks for sharing. there was a big need for this :)
Great video! Thanks for your effort, it helps me to understand the policy settings easily. It was quite hard to learn from the offical docx only.
100% agree! it stoping me from using it in the past when it first changed over the rebranding of the waf product.
In Europe you have to mark this video as advertising.
Is that nginx mode security describing here?
Don't know if you already figured out the answer on your own, but no - it is not. Basically it is the equivalent of F5 BIG-IP AWAF as a NGINX module.