An often-overlooked benefit of NGINX Plus is how it makes protecting yourself against security threats quick and easy. We proactively inform NGINX Plus subscribers of security vulnerabilities and patches, provide help during attacks, support JWT and OIDC authentication, and more.
In the second post in our API gateway series, Liam shows you how to batten down the hatches on your API services. You can use rate limiting, access restrictions, request size limits, and request body validation to frustrate illegitimate or overly burdensome requests.
We explore some difficulties in developing cloud-native apps, and explain how NGINX software helps you solve them by reducing tool sprawl, controlling costs with lightweight solutions, and enabling SecOps to provide DevOps with self-service security that integrates into CI/CD pipelines.
Application security is hard, but there are some best practices to help you achieve it: automate as much as possible, build security as a guardrail instead of a gate, select solutions that provide easily understood insights, and make security adaptable, scalable, and reliable.
F5 Essential App Protect is a simple, pay-as-you-go, SaaS-based security service for securing apps proxied by NGINX and NGINX Plus. Based on F5’s 20+ years of app security expertise, it's a DevOps-ready service that protects against the security threats faced by modern apps.
We explain how to run NGINX Plus in compliance with the FIPS 140-2 Security Requirements for Cryptographic Modules standard, which specifies the cryptographic protocols that are accepted by the U.S. Federal government and many other organizations.
With the Fortanix Self-Defending Key Management Service, you can offload TLS crytographic processing from your NGINX and NGINX Plus servers, and safely store your TLS keys for on-demand uploading into the NGINX Plus key-value store. We provide complete instructions for both use cases.
With NGINX Plus Ingress Controller for Kubernetes release 1.8.0, NGINX App Protect can be embedded in the Ingress Controller. This puts WAF protection closer to applications, which is crucial in modern app environments like Kubernetes. It also enables automation and reduces complexity and cost.
A combination of factors makes APIs rich targets for security attacks. We discuss methods for securing APIs throughout their lifecycle, from design and development through delivery, using WAFs, bot protection, API management tools, and API gateways.