Top 10 Open Source Web Application Firewalls (WAF) for WebApp Security

Web application firewalls provide security at the application layer. Essentially, WAF provides all your web applications a secure solution which ensures the data and web applications are safe.

A web application firewall applies a set of rules to HTTP conversation to identify and restrict the attacks of cross site scripting, SQL injections etc. You can also get web application framework and web based commercial tools, for providing security to web applications. Web Application Firewalls allows you to customize the rules by identifying and blocking malicious content. Some of the most popular and widely used open source web application firewalls for web application security are –

  1. ModSecurity (Trustwave SpiderLabs)
  2. ModSecurity is one of the oldest and widely used open source web application firewall which can detect application level threats on internet, and provides security against a range of security issues to web applications. It provides non viral open sources license and it can be integrated to Apache programs. Recently, ModSecurity released the version 2.6.0 which provides features for safe browsing API integration, sensitive data tracking and data modification features.

  3. AQTRONIX WebKnight
  4. AQTRONIX WebKnight is an open source application firewall designed specifically for web servers and IIS, and it is licensed through the GNU – General Public License. It provides the features of buffer overflow, directory traversal, encoding and SQL injection to identify / restrict the attacks.

  5. ESAPI WAF
  6. ESAPI WAF is developed by Aspect Security and it is designed to provide protection at the application layer instead of network layer. It is a Java based WAF which provides complete security from online attacks. Some of the unique features of the solution include outbound filtering features which reduce information leakage. It is configuration driven and not code based, and it enables easy installation by just adding configuration details in the text file.

  7. WebCastellum
  8. WebCastellum is a Java based web application firewall which can protect application against cross site scripting, SQL injections, command injections, parameter manipulation, and it can be integrated easily to a java based application. It is based on new technology and it can use existing code to provide protection.

  9. Binarysec
  10. Binarysec is web application software firewall, and it protects applications against illegitimate HTTP and blocks suspicious requests as well. It provides protection against cross site scripting, commend injections, parameter tampering, buffer overflow, directory traversal, SQL injection and attack obstruction. It takes not more than 10 minutes to install the software, and its user interface can manage Apache and other web servers and many sites on one machine.

  11. Guardian@JUMPERZ.NET
  12. Guardian@JUMPERZ.NET is an open source application layer firewall for HTTPS / HTTP and it assesses the HTTP / HTTPS traffic to protect the web application from external attacks. Guardian@JUMPERZ.NET immediately disconnects the TCP connection when the application comes in contact with a malicious / unauthorized request.

  13. OpenWAF
  14. Art of defense is a San Francisco based web application security provider which started a project on open source OpenWAF in February 2011. It’s also the first company to provide distributed web application firewall for Apache servers.

  15. Ironbee
  16. Qualys created cloud based open source web application firewall - Ironbee which examines the HTTP instead of the traditional IP packets to evaluate a data. It can even track attacks on cross site scripting code. Ironbee is published through Apache License version 2 and it provides no copyright assignment. It has modular structure and is quite easy to use.

  17. Profense
  18. ZION security offers an open source web application firewall similar to ModSecurity, and is called Profense. The web application firewall provided by Zion is essentially a Layer-7 firewall (which is also called “proxy firewall”) and it inspects the traffic to block content.

  19. Smoothwall
  20. Smoothwall provides strong web security tools to manage emails. The open source web filtering engine of Smoothwall is called DansGuardian. It has flexible user rules and a fully integrated component for web filtering and security. What’s more, it provides authenticated network access and traffic blocking. Smoothwall free firewall has security hardened Linux GNU OS too.


Internet based protection is also provided by companies which provide security at the network layer with features such as packet filter. Besides, there are some other types of firewalls which are designed to ensure security of the database. Therefore, the criteria for selecting an open source WAF should be the types of vulnerabilities the WAF can prevent and the exact requirements that your company is having. This list of open source web application firewalls would hence assist you in determining the apt WAF for Webapp security.

Hope you found this list useful! What is your experience with WAF? Please don't forget to share with me in comments.

Related

Tips 4268753494041635673

Post a Comment Default Comments

  1. I was subscribed with Ironbee for my local business directories sites and it was quite okay not until I moved to Binarysec. These are all great apps.

    ReplyDelete
  2. Your article is very informative and the use of graphics adds to understanding the process.

    ReplyDelete
  3. Home Lifestyle has a wide range of One Stop Home Essentials products suited for the Active, Busy, Mobile and City Living People, bringing the Quality of Life to a different level.

    ReplyDelete
  4. Your blog is simply great and helpful as well! Looking forward for more blogs like this.....

    Free web development.

    ReplyDelete
  5. Update - BinarySEC has released a new WAF called EasyWAF with a free trial

    ReplyDelete
  6. F-a-n-t-a-s-t-i-c ! I was looking for similar projects last week, and now i see this post. I normally use breadboard to do this type of work, with one of these, job will be more easy.Ecommerce Web Design

    ReplyDelete
  7. Thanks for the wonderful list as adding https://waf.comodo.com/ to this list will be a best option, because they provide real time protection for your web applications and websites which are running in both Apache and Linux based web-servers.

    ReplyDelete
  8. Thanks for the wonderful list as adding https://waf.comodo.com/ to this list will be a best option, because they provide real time protection for your web applications and websites which are running in both Apache and Linux based web-servers.

    ReplyDelete
  9. Hi this is nice set of WAF list. I would like to suggest one more which is https://waf.comodo.com . This one also has some good reviews.

    ReplyDelete
  10. New Open Source WAF - QuickDefence, developed using Nginx and Lua.

    Need Lua developers to contribute. https://github.com/jaydipdave/quickdefencewaf

    ReplyDelete
  11. A newly born Open Source WAF is here: https://github.com/jaydipdave/quickdefencewaf

    Please contribute, its free.

    ReplyDelete
  12. Do you know SEnginx - Security Enhanced NGINX?

    https://github.com/NeusoftSecurity/SEnginx

    ReplyDelete

Individuals who comment on FromDev at regular basis, will be rewarded in Top Commenter section. (Comments are selectively moderated so please do not spam)

emo-but-icon

item