OWASP Web & API Attacks Protection #9

Open
nandhued opened this issue Mar 18, 2024 · 1 comment

The context for this work item is "Exploit Public Facing applications" in [1].

We need to support a WAF to address this attack.

The WAF can be either at the ingress controller and/or the service - depending on whether these resources are present in the cluster, and also if the resource types (such as nginx/Istio/..) support WAF.

The work item consists of:

  • building a WAF adapter which configures the WAF in the system
  • being able to configure the WAF rules

The reference below provides a quick overview of the types of WAF available.

We need to target AWS, GCP, Azure, OpenShift. The customer might have chosen a default WAF. We might have to perform some policies / configuration based on the WAF being enabled.

Ref:
[1] https://docs.google.com/document/d/1RUUWq8Kfn3j2fZrFRi4jEIIcK8no0nZMnExsJqJGmbM/edit?usp=drive_link

@nandhued nandhued converted this from a draft issue Mar 18, 2024
@shivaccuknox shivaccuknox modified the milestone: 31/05/24 May 14, 2024
@anurag-rajawat anurag-rajawat removed their assignment May 28, 2024
@anurag-rajawat anurag-rajawat moved this from 📋 Backlog to 🏗 In progress in SentryFlow Oct 27, 2024
@nandhued nandhued moved this from 🏗 In progress to 📋 Backlog in SentryFlow Nov 4, 2024

nandhued commented Nov 4, 2024

Blocked till https://github.com/accuknox/dev2/pull/306 is reviewed and merged.

@nandhued nandhued moved this from 📋 Backlog to ❌ Blocked in SentryFlow Nov 4, 2024