
baidu / Openrasp

Licence: apache-2.0
🔥Open source RASP solution

Programming Languages

C++
36643 projects - #6 most used programming language
java
68154 projects - #9 most used programming language
go
31211 projects - #10 most used programming language
PHP
23972 projects - #3 most used programming language
CSS
56736 projects
HTML
75241 projects

Projects that are alternatives of or similar to Openrasp

aws-firewall-factory
Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (-96.46%)
Mutual labels:  waf, devsecops
Awesome Devsecops Russia
Awesome DevSecOps in Russian
Stars: ✭ 133 (-93.47%)
Mutual labels:  devsecops
Pwn Sandbox
A sandbox to protect your pwn challenges from being pwned in CTF AWD.
Stars: ✭ 81 (-96.02%)
Mutual labels:  waf
Tesla
Tesla is a gateway service that provides dynamic routing and WAF, and supports Spring Cloud, gRPC, Dubbo and more.
Stars: ✭ 109 (-94.65%)
Mutual labels:  waf
Vxscan
A comprehensive scanner written in Python 3. It is mainly used for liveness checks, sensitive-file detection (directory scanning / leaked API endpoints in JS / leaked HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, OS identification, POC scanning, SQL injection testing, CDN bypass, neighbouring-site lookup and more. Intended for first-party self-testing or authorized third-party testing; do not use it to cause damage.
Stars: ✭ 1,244 (-38.9%)
Mutual labels:  waf
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+31.97%)
Mutual labels:  devsecops
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-96.46%)
Mutual labels:  devsecops
Curiefense
Curiefense is a unified, open source platform protecting cloud native applications.
Stars: ✭ 136 (-93.32%)
Mutual labels:  waf
Archerysec
Centralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (-11.49%)
Mutual labels:  devsecops
Devsecops
This repository contains information about DevSecOps and how to get involved in this community effort.
Stars: ✭ 103 (-94.94%)
Mutual labels:  devsecops
Collection Document
Collection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (-31.88%)
Mutual labels:  waf
Cidram
CIDRAM: Classless Inter-Domain Routing Access Manager.
Stars: ✭ 86 (-95.78%)
Mutual labels:  waf
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-93.71%)
Mutual labels:  devsecops
Hooman
http interceptor to hoomanize cloudflare requests
Stars: ✭ 82 (-95.97%)
Mutual labels:  waf
Go Agent
Sqreen's Application Security Management for the Go language
Stars: ✭ 134 (-93.42%)
Mutual labels:  waf
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+401.57%)
Mutual labels:  devsecops
Dotnetpad
The Waf DotNetPad is a simple and fast code editor that makes it fun to program in C# or Visual Basic.
Stars: ✭ 101 (-95.04%)
Mutual labels:  waf
Kccss
Kubernetes Common Configuration Scoring System
Stars: ✭ 111 (-94.55%)
Mutual labels:  devsecops
Whatwaf
Detect and bypass web application firewalls and protection systems
Stars: ✭ 1,881 (-7.61%)
Mutual labels:  waf
Nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (-7.96%)
Mutual labels:  devsecops

OpenRASP


Introduction

Unlike perimeter control solutions such as a WAF, OpenRASP integrates its protection engine directly into the application server by instrumentation. It can monitor various events, including database queries, file operations and network requests.

When an attack happens, a WAF matches the malicious request against its signatures and blocks it. OpenRASP takes a different approach: it hooks sensitive functions and examines, and if necessary blocks, the inputs fed into them. As a result, the examination is context-aware and in-place. This brings the following benefits:

  1. Only successful attacks trigger alarms, resulting in a lower false-positive rate and a higher detection rate;
  2. A detailed stack trace is logged, which makes forensic analysis easier;
  3. Not susceptible to malformed-protocol evasion.

Quick Start

See detailed installation instructions here

We also provide a few test cases corresponding to the OWASP Top 10 attacks; download them here

FAQ

1. List of supported web application servers

We've fully tested OpenRASP on the following application servers for Linux platforms:

  • Java
    • Tomcat 6-9
    • JBoss 4.X
    • Jetty 7-9
    • Resin 3-4
    • SpringBoot 1-2
    • IBM WebSphere 8.5, 9.0
    • WebLogic 10.3.6, 12.2.1
  • PHP
    • 5.3-5.6, 7.0-7.3

Support for other web application servers will be added in upcoming releases.

2. Performance impact on application servers

We ran multiple intense and long-lasting stress tests prior to release. Even in the worst-case scenario (where the hook point is triggered continuously), the server's performance was reduced by only 1-4%.

3. Integration with existing SIEM or SOC

OpenRASP logs alarms in JSON format, which can easily be picked up by Logstash, rsyslog or Flume.

4. How to develop a new plugin?

A plugin receives a callback when an event occurs. It then determines whether the current behavior is malicious and, if necessary, blocks the associated request.

Detailed plugin development instructions can be found here
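To make the hook-and-callback model from the Introduction and this FAQ entry concrete, here is an added JavaScript sketch. It is not OpenRASP's plugin API and not code from the project: `registerCheck`, `hookSink`, `RaspBlocked`, the request-context shape, the SQL tokenizer and the keyword list are all assumptions made for this illustration. It wraps a database query sink, lets a registered check see the call together with the request that caused it, and attaches a stack trace to a block verdict. The check only fires when a request parameter actually reached the SQL sink as structure, so the same input sent to a parameterized query raises no alarm, which is the "only successful attacks trigger alarms" point.

```javascript
// Added illustration of the RASP hook model: a sensitive function (a database
// query) is wrapped by a hook, registered checks see each call in context, and
// a block carries a stack trace for forensics. registerCheck, hookSink,
// RaspBlocked and the request-context shape are assumptions for this example,
// not OpenRASP's plugin API.

const checks = { sql: [] };

// A plugin registers a callback for an event type ('sql' here).
function registerCheck(event, fn) {
  (checks[event] = checks[event] || []).push(fn);
}

class RaspBlocked extends Error {
  constructor(verdict) {
    super(`blocked: ${verdict.reason}`);
    this.verdict = verdict;
  }
}

// Wrap a sink so every call is examined in-place before it executes.
function hookSink(event, fn, getContext) {
  return function hooked(...args) {
    const ctx = getContext();
    for (const check of checks[event] || []) {
      const verdict = check(ctx, args);
      if (verdict && verdict.action === 'block') {
        verdict.stack = new Error().stack; // where in the app the sink was reached
        throw new RaspBlocked(verdict);
      }
    }
    return fn.apply(this, args);
  };
}

// Minimal SQL tokenizer: quoted strings, comments, numbers, words, single chars.
function tokenize(sql) {
  const re = /'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|--[^\n]*|\/\*[\s\S]*?\*\/|\d+(?:\.\d+)?|[A-Za-z_][A-Za-z0-9_]*|\S/g;
  return sql.match(re) || [];
}

const SQL_KEYWORDS = new Set(['select', 'union', 'insert', 'update', 'delete',
  'drop', 'or', 'and', 'sleep', 'benchmark', 'load_file', 'into', 'outfile']);

// Context-aware check: a request parameter counts as an attack only if it
// actually reached the SQL sink and, on its own, tokenizes into SQL structure
// (a keyword or a comment) rather than a single value.
function userInputInSql(ctx, args) {
  const sql = args[0];
  for (const [name, value] of Object.entries(ctx.params || {})) {
    if (typeof value !== 'string' || value.length < 3 || !sql.includes(value)) continue;
    const toks = tokenize(value);
    if (toks.length < 3) continue; // a plain value such as 42 or O'Brien
    const hasKeyword = toks.some((t) => SQL_KEYWORDS.has(t.toLowerCase()));
    const hasComment = toks.some((t) => t.startsWith('--') || t.startsWith('/*'));
    if (hasKeyword || hasComment) {
      return { action: 'block', reason: `parameter "${name}" injects SQL structure`, param: name, sql };
    }
  }
  return null;
}
registerCheck('sql', userInputInSql);

// Constructed stand-in for the application's real driver call.
function rawQuery(sql) {
  return { executed: sql };
}

// Simulate one request flowing through an application that builds SQL either
// by string concatenation (vulnerable) or with a placeholder (parameterized).
let currentRequest = { params: {} };
const query = hookSink('sql', rawQuery, () => currentRequest);

function handleRequest(params, { parameterized }) {
  currentRequest = { params };
  const sql = parameterized
    ? 'SELECT * FROM users WHERE id = ?'
    : `SELECT * FROM users WHERE id = ${params.id}`;
  try {
    query(sql);
    return 'executed';
  } catch (e) {
    if (e instanceof RaspBlocked) return 'blocked';
    throw e;
  }
}
```

Running `handleRequest({ id: '1 OR 1=1' }, { parameterized: false })` yields `blocked`, while the same parameter against the parameterized query yields `executed`, because the input never became part of the statement. The keyword list and tokenizer are deliberately small; a production check would also need to handle encodings, case folding across dialects and tautology patterns, which is where plugin logic spends most of its effort.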

Contact

Technical support:

Business inquiries, comments and security reports:

  • General email: openrasp-support # baidu.com