Docker containers are becoming more popular and portable to use. The need of Web Application firewall reached the critical level. To make it easy to implement, we created this nginx docker container having libmodsecurity integrated with Owasp CRS. This basically acts as a web application firewall and can defend various web attacks including "OWASP top 10".

1. Opensource PnP container based
WAF

2. Varun Kondagadapa
I’m a:
● Blogger
● Docker superuser!
● Complex gitlab plugins
and pipelines
● Python/C# Programmer
● Zerotrust phase 1
● DevSecOps
● Microsoft fan but use
Linux
I’m not a:
● Bug hunter
● Malware researcher
● ML guy
https://www.reborninfosec.com
/

3. The Suite
● Docker
● Nginx
● Modsecurity
● Owasp CRS

4. ● Not a VM
● Stateless
● Cross Platform
● Scalable
● Why Docker

5. ● Web Server
● Request handler
● Reverse Proxy
● Load Balancer
● Concurrent
connections(C10K)

6. ● Embedded
● Intercept, analyze and store
HTTP traffic
● Real-time application
security monitoring
● Generic attack detection
rules
● Paranoia Levels
● Sampling mode
● False Positives

8. Workflow

9. Demo
● Configure proxy.conf
● bWapp
● Docker commands

10. Demo
● Configure proxy.conf
● bWapp
● Docker commands

11. Demo
● Configure proxy.conf
● bWapp
● Docker commands
Single command!
$ docker run --name WAF -v
/your/proxy.conf:/etc/nginx/co
nf.d/proxy.conf -p 80:80 -d
reborninfosec/curl-waf
$ docker run -p 81:80 --name
bwap raesene/bwapp

12. Demo Time

13. Conclusion
Securing Web applications made easy!
Future Work
Securing Web applications is not that easy!

14. References
● https://modsecurity.org/
● https://coreruleset.org/
● https://www.modsecurity.org/CRS/Documentation/
● https://hub.docker.com/r/reborninfosec/curl-waf
● https://hub.docker.com/r/raesene/bwapp/
● https://docs.docker.com/install/
● https://nginx.org/en/
● http://www.itsecgames.com/
● https://github.com/CurlAnalytics/WAF
● https://medium.com/@varun_k_36381/securing-web-applications-turnkey-firewall-so
lution-4f57657bc601