OWASP Web & API Attacks Protection #9

@nandhued

The context for this work item is "Exploit Public Facing applications" in [1].

We need to support a WAF to address this attack.

The WAF can be either at the ingress controller and/or the service - depending on whether these resources are present in the cluster, and also if the resource types (such as nginx/Istio/..) support WAF.

The work item consists of

  • building a WAF adapter which configures WAF in the system
  • being able to configure the WAF rules

The reference below provides a quick overview of the types of WAF available.

We need to target AWS, GCP, Azure, OpenShift. The customer might have chosen a default WAF. We might have to perform some policies / configuration based on the WAF being enabled.

Ref:
[1] https://docs.google.com/document/d/1RUUWq8Kfn3j2fZrFRi4jEIIcK8no0nZMnExsJqJGmbM/edit?usp=drive_link

Status

🏗 In progress
