BBVA / waf-brain

Licence: Apache-2.0
Machine-learning-based WAF
WAF-Brain - the clever and efficient Firewall for the Web

What's WAF-Brain

This project was born as an attempt to build a WAF (Web Application Firewall) the machine-learning / deep-learning way.

WAF-Brain detects attacks using deep neural networks. It passes each parameter of each HTTP request through the network, and the network decides whether the content of that parameter is dangerous or not. If a parameter is judged dangerous, WAF-Brain blocks the request.

Note

Currently the project only ships models for SQL injection attacks, but you can plug in your own custom machine-learning model.

About the research

You can find the complete write-up of the research process in RESEARCH.md.

Install

$ pip install waf-brain

Usage

Demo App

We have developed a demo app, which you can find in the demo app directory.

In short, it exposes an endpoint at /{tail} that accepts an arbitrary value for tail.

To launch the app:

$ pip install aiohttp
$ python app.py
======== Running on http://127.0.0.1:5000 ========
(Press CTRL+C to quit)

Consuming the app with curl is easy (the demo app listens on 127.0.0.1:5000, so the full URL is used here):

$ curl -v http://127.0.0.1:5000/my-tail
OK

We will use this app to check the WAF.

Launching WAF

The application we want to protect listens on 127.0.0.1:5000. Then:

With the default model

$ waf_brain -A 127.0.0.1:5000 -l 0.0.0.0
======== Running on http://127.0.0.1:8000 ========
(Press CTRL+C to quit)

With a custom model

$ waf_brain -l 0.0.0.0 -A 127.0.0.1:5000 -M custom_model.h5
======== Running on http://127.0.0.1:8000 ========
(Press CTRL+C to quit)

Testing mode

To launch a server in testing mode with our model on localhost and collect per-request results in a dump file, run:

$ waf_brain -T --dump-file logs.txt -l 0.0.0.0 -A 127.0.0.1:5000
======== Running on http://127.0.0.1:8000 ========
(Press CTRL+C to quit)

Benchmarking

There are several ways to benchmark: with an attack tool (such as sqlmap) or with our WAF-Benchmark.

In summary, in our tests we found that WAF-Brain detects more attacks in long payloads than ModSecurity does.

Other Options

The CLI is self-explanatory; use the -h option to display all the options:

$ waf-brain -h
usage: waf-brain [-h] [-v] [--backend-timeout BACKEND_TIMEOUT]
                 [-A PROTECTED_URL] [-l LISTEN] [-p PORT] [-b BACKLOG]
                 [--blocking-mode] [--blocking-threshold BLOCKING_THRESHOLD]
                 [-M MODEL] [-T] [--dump-file DUMP_FILE] [-a]

WAF-brain: the clever and efficient Firewall for the Web

optional arguments:
  -h, --help            show this help message and exit
  -v                    log level

Server Options:
  --backend-timeout BACKEND_TIMEOUT
                        timeout to connect to the backend
  -A PROTECTED_URL, --protected-url PROTECTED_URL
                        address service to protect with the WAF
  -l LISTEN, --listen LISTEN
                        listen address. Default: 127.0.0.1
  -p PORT, --port PORT  listen port for service. Default: 8000
  -b BACKLOG, --backlog BACKLOG
                        maximum concurrent connections

WAF Behavior:
  --blocking-mode       enables active blocking of dangerous request
  --blocking-threshold BLOCKING_THRESHOLD
                        if the dangerous levels is upper this number, and
                        blocking mode is enabled, WAF will block a request
  -M MODEL, --model MODEL
                        model used for WAF

Enable testing mode:
  -T, --enable-testing  enable testing mode
  --dump-file DUMP_FILE
                        dump file to track each request
  -a, --access-log      enable access log for each request

Authors

WAF-Brain is being developed by members of the BBVA-Labs Security team.

WAF-Brain is open source software, available under the Apache 2 license.

Contributions

Contributions are of course welcome. See CONTRIBUTING or skim existing tickets to see where you could help out.

Acknowledgments

Logo image was designed by Freepik.