2021-10-31T05:08:00Z

Which open-source WAF would you recommend for a large company?

EB
  • 3
  • 106
PeerSpot user
2

2 Answers

Nir - PeerSpot reviewer
MSP
2022-06-28T14:11:17Z
Jun 28, 2022

Hi,


You can check out Curiefense.io.


It is suitable for both enterprises and SMBs. 

EB
Community Manager
Jun 29, 2022

@Nir why do you recommend this (and not another) product?

PeerSpot user
Search for a product comparison in Application Security Tools
JT
Real User
2021-11-01T13:51:15Z
Nov 1, 2021

I do NOT have a simple answer. 


However, we have to start looking at the OSI Model. WAF only satisfies some but not all OSI layers. 


I would list out the requirements, prior to asking this question. With the requirements in place, there are open-source packages that would satisfy most of your requirements (there is NOT one Hat that fits all).


I am using NGINX as an internal WAF. In a normal mode, the internal traffic is a lot less malicious than from the public network.

EB
Community Manager
Jun 29, 2022

@JosephTran thanks for your answer! 
What would be your WAF solution for external DoS (especially, DDoS) attacks? I'm not certain that NGINX will be able to eliminate them. Am I wrong?

PeerSpot user
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: March 2024.
765,234 professionals have used our research since 2012.
Application Security Tools
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.
Download Application Security Tools ReportRead more

Related Q&As