OWASP
Definition
OWASP, the Open Web Application Security Project, is a non-profit organization focused on improving the security of software. It provides free resources, such as tools, documentation, and community-driven projects, to help developers and security professionals identify and mitigate vulnerabilities in web applications. One of its most notable contributions is the OWASP Top Ten, a regularly updated list highlighting the most critical security risks to web applications.
Secure Settings Example
# Example of a secure configuration for a web application firewall (WAF)
waf:
  enabled: true
  rules:
    - id: 1001
      action: block
      description: "SQL Injection Prevention"
      pattern: ".*(union.*select|select.*from).*"
    - id: 1002
      action: block
      description: "Cross-Site Scripting Prevention"
      pattern: "<script.*>.*</script.*>"
Insecure Settings Example
# Example of an insecure configuration for a web application firewall (WAF)
waf:
  enabled: false
  rules:
    - id: 1001
      action: allow
      description: "SQL Injection Prevention"
      pattern: ".*(union.*select|select.*from).*"
    - id: 1002
      action: allow
      description: "Cross-Site Scripting Prevention"
      pattern: "<script.*>.*</script.*>"
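A configuration check for the two settings above, added here as an example and not part of the original page or of any WAF product. The function names (`make_config`, `audit`, `decide`) and the matching semantics (case-sensitive regex search, a request is blocked when any rule with `action: block` matches) are assumptions; the schema is the illustrative one this page uses.

```python
import re

# The two rules from this page: (id, description, pattern).
RULES = [
    (1001, "SQL Injection Prevention", r".*(union.*select|select.*from).*"),
    (1002, "Cross-Site Scripting Prevention", r"<script.*>.*</script.*>"),
]

def make_config(enabled, action):
    """Build the page's config as an already-parsed mapping (hypothetical helper)."""
    return {"waf": {"enabled": enabled, "rules": [
        {"id": i, "action": action, "description": d, "pattern": p}
        for i, d, p in RULES]}}

SECURE = make_config(True, "block")     # mirrors the secure settings example
INSECURE = make_config(False, "allow")  # mirrors the insecure settings example

def audit(config):
    """Return findings for settings that leave the WAF ineffective."""
    waf = config.get("waf", {})
    findings = []
    if waf.get("enabled") is not True:
        findings.append("waf.enabled is not true: no rule is evaluated")
    rules = waf.get("rules") or []
    if not rules:
        findings.append("no rules defined")
    for rule in rules:
        rid = rule.get("id")
        if rule.get("action") != "block":
            findings.append(f"rule {rid}: action {rule.get('action')!r} does not block a match")
        try:
            re.compile(rule.get("pattern") or "")
        except (re.error, TypeError) as exc:
            findings.append(f"rule {rid}: pattern does not compile ({exc})")
    return findings

def decide(config, payload):
    """Return 'block' or 'allow' for one request string under this config."""
    waf = config.get("waf", {})
    if waf.get("enabled") is not True:
        return "allow"
    for rule in waf.get("rules") or []:
        if rule.get("action") == "block" and re.search(rule["pattern"], payload):
            return "block"
    return "allow"

if __name__ == "__main__":
    sample = "id=1 union select name from users"  # constructed request parameter
    for name, cfg in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, decide(cfg, sample), audit(cfg))
```

Running `decide` on ordinary text such as a search for "select a plan from the list" also returns `block` under the secure settings, so broad patterns like these need false-positive testing before they are enforced.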