
OWASP Coraza: The way to WAF in 2023

2023-02-15

Authors:   Felipe Zipitria, Juan Pablo Tosso


Summary

The presentation discusses the role of web application firewalls (WAFs) in cybersecurity and the benefits of using the open-source WAF Coraza. The speaker emphasizes the need for companies to embrace API security and the new internet, and highlights the challenges of handling SQL injection and cross-site scripting attacks. The presentation also showcases the Coraza playground, a tool for debugging and testing web applications.
  • WAFs are crucial in protecting against cyber threats such as SQL injection and cross-site scripting attacks
  • Coraza is an open-source WAF that offers active development, easy customization and support
  • API security and the new internet must be embraced by companies
  • Handling SQL injection and cross-site scripting attacks is challenging because of the variety of SQL dialects and the looseness of HTML syntax
  • The Coraza playground is a useful tool for debugging and testing web applications
The speaker demonstrates the Coraza playground, a web application that allows users to test and debug their web applications against the Coraza WAF. The playground shows SQL injection rules matching in a web application, and how the WAF can be extended with new tests and rules. The speaker also highlights the importance of using the right rule set to protect against cyber threats.

Abstract

We are fighting a 2023 problem by using early 2000s technology. The web has evolved. Some people even talk about web 3.0, bringing blockchain technology into our daily internet navigation. Therefore, the threats have evolved: SQL injection isn't as common as it used to be, and attackers are now looking for more complex vulnerabilities that could provide faster and bigger profits. New technologies also come with new architecture and deployment requirements, so the final question becomes: how can we protect our applications without risking false positives or decreasing performance? OWASP Coraza's goal is to solve these questions by providing a modern approach to an open-source WAF using Golang. Coraza provides a modular, fast, developer-friendly, and efficient set of WAF capabilities that can be easily integrated into any program; it also provides connectors for web servers, API gateways, HTTP frameworks, and more. Coraza is 100% compatible with the OWASP Core Ruleset and extends ModSecurity capabilities to the 2020s internet.

This is the first public talk of OWASP Coraza WAF. We are currently a lab project in OWASP, soon Flagship. Coraza is also used by many Fortune 500 companies around the world, in the top 10 of the ranking.

Topics:
  • WAF in the early 2000s
  • 1990s World Wide Web
  • AppShield WAF
  • Reverse/Transparent Proxy
  • ModSecurity
  • Rich Content Applications (Ajax)
  • OWASP TOP 10
  • Core Ruleset
  • Blocking Models
  • Web 2.0
  • New web Frameworks
  • Websockets: Transmitted data is not standard. How can we protect it?
  • GraphQL: New language, new vulnerabilities
  • Next Generation WAFs
  • Libmodsecurity: From Apache to everything (mostly Nginx)
  • New architecture
  • Connectors
  • WAF deployment
  • TCP Dump: We can read decrypted traffic, but we cannot terminate a session
  • EBPF: We can read encrypted traffic, but we cannot terminate a session
  • Open Tracing: We can read traffic, but we cannot terminate a session
  • GRPC and OPA: Can be evaluated inline to terminate a session
  • Edge Termination: Request session termination from another endpoint
  • 2023 Challenges
  • We are not only looking for SQL Injection
  • Escalate and terminate without latency
  • Rule-less protection
  • 0 False Positives
  • Compliance or protection?
  • Compete against CDN WAF
  • Block the user, not the IP
  • OWASP Coraza
  • Introduction to Coraza
  • High-Level Architecture
  • Deployment Options
  • Extended Web/API capabilities
  • Extensibility
  • Roadmap
  • Conclusions

Coraza Links:
  • https://www.coraza.io/
  • https://github.com/corazawaf/coraza
  • https://owasp.org/www-project-coraza-web-application-firewall/
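The abstract's deployment argument (passive taps such as tcpdump, eBPF or tracing can only observe traffic, while an engine evaluated inline can terminate the request) and its claim that Coraza embeds as a library into any Go program are easiest to see in code. The following Go program is an added, self-contained illustration written for this page; it is not Coraza's code and not Coraza's API. It models a two-phase rule engine (phase 1 for request line and headers, phase 2 for the body, following the ModSecurity phase model) as an http.Handler middleware, with constructed rules and constructed requests. The names Engine, Rule, Interruption, NewDemoEngine and Probe are hypothetical; in real Coraza the engine is created with coraza.NewWAF and requests are fed to a transaction object instead.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// Rule is a hypothetical, deliberately small stand-in for a SecLang rule.
// Phase follows the ModSecurity/Coraza model: 1 = request line and headers,
// 2 = request body. It is not Coraza's own rule representation.
type Rule struct {
	ID     int
	Phase  int
	Target string         // "ARGS", "REQUEST_HEADERS" or "REQUEST_BODY"
	Op     *regexp.Regexp // the matching operator
	Status int            // HTTP status returned when the rule denies
}

// Interruption is what an inline engine hands back: "stop here and answer
// with this status", which a passive tap (tcpdump, eBPF, tracing) cannot do.
type Interruption struct {
	RuleID int
	Status int
}

// Engine holds the rule set; a real deployment would load the Core Rule Set.
type Engine struct{ Rules []Rule }

// evaluate runs the rules of one phase over the extracted targets and
// returns the first interruption, or nil when nothing matched.
func (e *Engine) evaluate(phase int, targets map[string][]string) *Interruption {
	for _, r := range e.Rules {
		if r.Phase != phase {
			continue
		}
		for _, v := range targets[r.Target] {
			if r.Op.MatchString(v) {
				return &Interruption{RuleID: r.ID, Status: r.Status}
			}
		}
	}
	return nil
}

// Inspect evaluates phase 1 from the request line and headers first, so a
// request can be terminated before its body is read, then buffers the body
// (capped at 1 MiB) for phase 2 and restores it for the application.
func (e *Engine) Inspect(r *http.Request) (*Interruption, error) {
	phase1 := map[string][]string{}
	for _, vs := range r.URL.Query() {
		phase1["ARGS"] = append(phase1["ARGS"], vs...)
	}
	for _, vs := range r.Header {
		phase1["REQUEST_HEADERS"] = append(phase1["REQUEST_HEADERS"], vs...)
	}
	if it := e.evaluate(1, phase1); it != nil {
		return it, nil
	}
	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
	if err != nil {
		return nil, err
	}
	r.Body = io.NopCloser(strings.NewReader(string(body)))
	return e.evaluate(2, map[string][]string{"REQUEST_BODY": {string(body)}}), nil
}

// Middleware puts the engine inline: every request is inspected before the
// application sees it, and a match terminates it with the rule's status.
func (e *Engine) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		it, err := e.Inspect(r)
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if it != nil {
			w.Header().Set("X-Blocked-By-Rule", fmt.Sprint(it.RuleID))
			http.Error(w, "forbidden", it.Status)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewDemoEngine builds a two-rule engine. The patterns are constructed for
// this illustration and are far narrower than a real rule set.
func NewDemoEngine() *Engine {
	return &Engine{Rules: []Rule{
		{ID: 1001, Phase: 1, Target: "ARGS", Op: regexp.MustCompile(`(?i)union\s+select`), Status: 403},
		{ID: 1002, Phase: 2, Target: "REQUEST_BODY", Op: regexp.MustCompile(`(?i)<script`), Status: 403},
	}}
}

// Probe sends one constructed request through the middleware in-process and
// returns the status, the blocking rule id ("" when allowed) and the body.
func Probe(method, target, body string) (int, string, string) {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body) // shows the buffered body was restored
		fmt.Fprintf(w, "app read %d bytes", len(b))
	})
	rr := httptest.NewRecorder()
	req := httptest.NewRequest(method, target, strings.NewReader(body))
	NewDemoEngine().Middleware(app).ServeHTTP(rr, req)
	return rr.Code, rr.Header().Get("X-Blocked-By-Rule"), strings.TrimSpace(rr.Body.String())
}

func main() {
	for _, c := range [][3]string{
		{"GET", "/search?q=shoes", ""},
		{"GET", "/search?q=1+union+select+1,2--", ""},
		{"POST", "/comment", "<script>alert(1)</script>"},
		{"POST", "/comment", "nice post"},
	} {
		code, rule, out := Probe(c[0], c[1], c[2])
		fmt.Printf("%s %s -> %d rule=%q body=%q\n", c[0], c[1], code, rule, out)
	}
}
```

Two design points carry over to a real embedded WAF: phase 1 is evaluated before the body is read, so a request denied on its URI or headers costs no body buffering, and the body must be capped and restored after inspection or the protected application would receive an empty stream on every allowed request.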
