In our modern world, web applications are more important than ever, and attackers know it: they are targeted more frequently than ever before. This is unlikely to stop any time soon, since the number of web applications the world depends on will only grow with its reliance on technology. Fully preventing attacks is impossible, but we have to try our hardest, and in that daily struggle one of the weapons we have is known as "hardening".
In the most basic sense of the word, hardening a server means increasing its defences, but in practice there are many different ways in which a server can be vulnerable. One commonly used technique is to validate and sanitise the user input our application receives. User data may contain malicious code or unexpected values, and we should harden our applications to reject or neutralise such input rather than trust it.
Another hardening technique that is used quite often is JavaScript obfuscation. Web applications are no longer the static websites they used to be; they contain a lot of JavaScript, and that JavaScript can reveal a great deal about the application to a potential attacker. Obfuscating the code makes it harder to figure out the application's internal workings. Keep in mind that obfuscation only raises the attacker's cost: the code still runs in the browser and can be deobfuscated, so it must never be relied on to hide secrets or to enforce access control.
Packet-level firewalls have been used in production environments for ages, but recently Web Application Firewalls (WAFs) have been gaining ground fast. A WAF inspects every HTTP request and, depending on its configuration, reports or blocks any call that contains unexpected or malicious input. It is just one tool in the modern system administrator's tool belt, but it is a very important one.
Hardening your web applications comes at a cost, as do all good things in life. A more hardened server is better protected from attackers, but every security measure consumes processing time, both in individual components and in the system as a whole, and that can add up to a noticeably slower application.
For exactly this reason, it is often a balance between implementing too little hardening and implementing too much.
API Firewall is a lightweight API firewall that protects your API endpoints in cloud-native environments through API schema validation. It relies on a positive security model: calls that match the predefined API specification are allowed, and everything else is rejected.
Technically, API Firewall is a reverse proxy with a built-in OpenAPI v3 request and response validator. It is written in Go and optimised for extreme performance with near-zero added latency.
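To make the positive security model concrete, here is an added example (not API Firewall's own code) of how an OpenAPI-driven validator decides: a constructed OpenAPI v3 fragment describing a hypothetical `/users` API is embedded as a Python dict, and each incoming request is checked against it. Only a small subset of JSON Schema is implemented (type, enum, minimum/maximum, maxLength, required, additionalProperties); everything the spec does not describe, such as unknown paths, methods, query parameters or body fields, is rejected rather than let through.

```python
"""Toy positive-security-model validator (illustration only, not API Firewall's
own code). The spec below is a constructed /users API and the checks cover
only a small subset of JSON Schema."""
import json
import re
from dataclasses import dataclass, field

# Constructed OpenAPI v3 fragment: exactly two operations are described.
OPENAPI_SPEC = {"openapi": "3.0.3", "paths": {
    "/users/{id}": {"get": {"parameters": [
        {"name": "id", "in": "path", "required": True,
         "schema": {"type": "integer", "minimum": 1}},
        {"name": "fields", "in": "query", "required": False,
         "schema": {"type": "string", "enum": ["basic", "full"]}},
    ]}},
    "/users": {"post": {"requestBody": {"required": True, "content": {
        "application/json": {"schema": {
            "type": "object", "required": ["name", "age"], "additionalProperties": False,
            "properties": {"name": {"type": "string", "maxLength": 64},
                           "age": {"type": "integer", "minimum": 0, "maximum": 150}},
        }},
    }}}},
}}

@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)  # keys assumed lower-cased
    body: bytes = b""

def check_schema(value, schema):
    """Validate a decoded value against the supported JSON Schema subset."""
    t = schema.get("type")
    if t == "integer":
        if isinstance(value, bool) or not isinstance(value, int):
            return False
        if value < schema.get("minimum", value) or value > schema.get("maximum", value):
            return False
    elif t == "string":
        if not isinstance(value, str) or len(value) > schema.get("maxLength", len(value)):
            return False
    elif t == "object":
        if not isinstance(value, dict) or any(k not in value for k in schema.get("required", [])):
            return False
        props = schema.get("properties", {})
        for key, item in value.items():
            if key in props:
                if not check_schema(item, props[key]):
                    return False
            elif schema.get("additionalProperties", True) is False:
                return False  # positive model: undeclared fields are rejected
    return "enum" not in schema or value in schema["enum"]

def match_path(template, path):
    """Match '/users/{id}' against '/users/42'; return captured params or None."""
    tparts, pparts = template.strip("/").split("/"), path.strip("/").split("/")
    if len(tparts) != len(pparts) or any(
            t != p and not (t.startswith("{") and t.endswith("}")) for t, p in zip(tparts, pparts)):
        return None
    return {t[1:-1]: p for t, p in zip(tparts, pparts) if t.startswith("{")}

def coerce(raw, schema):
    """Path/query values arrive as strings; convert to the declared type, or None."""
    if schema.get("type") == "integer":
        return int(raw) if re.fullmatch(r"-?\d+", raw) else None
    return raw

def validate(req, spec=OPENAPI_SPEC):
    """Return (allowed, reason). Anything the spec does not describe is rejected."""
    for template, methods in spec["paths"].items():
        path_params = match_path(template, req.path)
        if path_params is None:
            continue
        op = methods.get(req.method.lower())
        if op is None:
            return False, "method not in spec for this path"
        declared = {p["name"]: p for p in op.get("parameters", [])}
        for name in req.query:  # every query parameter must be declared
            if name not in declared or declared[name]["in"] != "query":
                return False, f"undeclared query parameter {name!r}"
        for name, p in declared.items():
            raw = path_params.get(name) if p["in"] == "path" else req.query.get(name)
            if raw is None:
                if p.get("required"):
                    return False, f"missing parameter {name!r}"
                continue
            value = coerce(raw, p["schema"])
            if value is None or not check_schema(value, p["schema"]):
                return False, f"parameter {name!r} violates schema"
        body_spec = op.get("requestBody")
        if body_spec is None:
            return (False, "body not allowed") if req.body else (True, "ok")
        if not req.body:
            return (False, "body required") if body_spec.get("required") else (True, "ok")
        ctype = req.headers.get("content-type", "").split(";")[0].strip()
        media = body_spec["content"].get(ctype)
        if media is None:
            return False, f"unsupported content type {ctype!r}"
        try:
            payload = json.loads(req.body)
        except ValueError:
            return False, "body is not valid JSON"
        return (True, "ok") if check_schema(payload, media["schema"]) else (False, "body violates schema")
    return False, "path not in spec"

if __name__ == "__main__":  # quick demo on a constructed request
    print(validate(Request("GET", "/users/42", {"debug": "1"})))
```

Note the difference from a classic WAF: nothing here looks for attack signatures. A request is dropped simply because the spec never mentioned a `debug` query parameter or a `role` body field, which is what "rejecting everything else" means in practice and why the quality of the OpenAPI document matters so much when deploying API Firewall.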
To install API Firewall, a couple of prerequisites need to be satisfied.