F5 Essential App Protect is a simple, pay-as-you-go, SaaS-based security service for securing apps proxied by NGINX and NGINX Plus. Based on F5’s 20+ years of app security expertise, it's a DevOps-ready service that protects against the security threats faced by modern apps.
We explain how to run NGINX Plus in compliance with the FIPS 140-2 Security Requirements for Cryptographic Modules standard, which specifies the cryptographic protocols that are accepted by the U.S. Federal government and many other organizations.
With the Fortanix Self-Defending Key Management Service, you can offload TLS crytographic processing from your NGINX and NGINX Plus servers, and safely store your TLS keys for on-demand uploading into the NGINX Plus key-value store. We provide complete instructions for both use cases.
With NGINX Plus Ingress Controller for Kubernetes release 1.8.0, NGINX App Protect can be embedded in the Ingress Controller. This puts WAF protection closer to applications, which is crucial in modern app environments like Kubernetes. It also enables automation and reduces complexity and cost.
A combination of factors makes APIs rich targets for security attacks. We discuss methods for securing APIs throughout their lifecycle, from design and development through delivery, using WAFs, bot protection, API management tools, and API gateways.
Establishing a security perimeter around your intranet is no longer enough to protect your apps. We show how to configure NGINX App Protect to establish the perimeter around individual apps as required by today's distributed applications and Zero Trust security mode
With NGINX App Protect, you no longer have to choose between security and performance. It combines the proven effectiveness of F5’s advanced WAF technology with the agility and performance of NGINX Plus, to address the security challenges facing modern DevOps environments.
In high-security environments, it's important to store sensitive data like SSL certificate-key pairs in memory only, not on disk. Here we show how to generate ephemeral SSL key pairs using HashiCorp Vault and store them in the in-memory NGINX Plus key-value store.
We have released updates to NGINX Open Source and NGINX Plus to fix vulnerabilities in the HTTP/2 protocol that were announced today (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516). Upgrade as soon as possible to NGINX 1.17.3, NGINX 1.16.1, or NGINX Plus R18 P1.