NGINX App Protect WAF 101 – Part 2: Policy Tuning Using Third-Party Monitoring Tools

In Part 2 of the NGINX App Protect WAF 101 series, we discuss “Policy Tuning Using Third-Party Monitoring Tools.” In this demo, we review when to update your NGINX App Protect WAF policy and how to go about doing so. We provide a basic overview of the process, what to look for that would indicate your policy many need to be updated, how to update the policy, apply it, and check to see if you have positive results.

This demo will showcase the OWASP Juice Shop modern app that has vulnerabilities associated with it and needs protection. It is hosted on a container and NGINX Plus with NGINX App Protect WAF is installed on it with the default policy to provide the needed app protection. We will use a third-party logging and monitoring dashboard tool, an ELK stack, to review the log output from NGINX App Protect WAF and help monitor the application.

We will look at an alert, the violation associated with it, and drill down into the event details and show how to apply policy tuning. NGINX App Protect WAF is lightweight and can be integrated easily into your CI/CD workflows to enable app security policies to be tested in lower environments prior to reaching production.

https://docs.nginx.com/nginx-app-protect-waf

Additional Resources:

Webpage: NGINX App Protect WAF
⬢ https://bit.ly/41IEYtc

Datasheet: NGINX App Protect WAF
⬢ https://bit.ly/40sebzX

Blog: Automate Security with NGINX App Protect WAF to Reduce the Cost of Breaches
⬢ https://www.nginx.com/blog/automate-security-f5-nginx-app-protect-f5-nginx-plus-to-reduce-cost-of-breaches/

Free Trial: Test Drive NGINX App Protect WAF for 30 Days
⬢ https://bit.ly/3Ad9WOk