Layer 7 DoS attacks are a new and increasingly common threat to app performance and security. You need protection that integrates easily into your infrastructure and CI/CD pipelines, learns from observing user and app behavior, and doesn't affect performance even during an attack.
Tag: security
Tag: security
How NGINX App Protect Denial of Service Adapts to the Evolving Attack Landscape
We explain how NGINX App Protect Denial of Service (DoS) adapts its mitigation methods in real time to protect against Layer 7 DoS attacks. By creating a model of normal user behavior and server health, it can spot deviations that signal an attack and apply customized mitigation signatures.
NGINX App Protect Denial of Service Blocks Application-Level DoS Attacks
NGINX App Protect Denial of Service (DoS) protects your modern applications against sophisticated application-level (Layer 7) DoS attacks, including GET and POST flooding, Slowloris, Slow read, slow POST, Challenge Collapsar, NAT-disguised, and targeted SSL/TLS attacks.
The mTLS Architecture in NGINX Service Mesh
Service-to-service communication among microservices puts more data on the wire compared to monoliths. Using mutual TLS (mTLS) to encrypt and authenticate that communication is crucial. Here we dive deep into the mTLS implementation in NGINX Service Mesh.
Shifting Security Tools Left for Safer Apps
Strategies for shifting security left usually ignore WAF and other traditional tools for enforcing run‑time security policies. A complete modern solution needs to include WAF, but one that fits into your CI/CD pipelines and helps smooth friction between Security and DevOps.
Mitigating Security Vulnerabilities Quickly and Easily with NGINX Plus
An often-overlooked benefit of NGINX Plus is how it makes protecting yourself against security threats quick and easy. We proactively inform NGINX Plus subscribers of security vulnerabilities and patches, provide help during attacks, support JWT and OIDC authentication, and more.
Deploying NGINX as an API Gateway, Part 2: Protecting Backend Services
In the second post in our API gateway series, Liam shows you how to batten down the hatches on your API services. You can use rate limiting, access restrictions, request size limits, and request body validation to frustrate illegitimate or overly burdensome requests.
Secure Cloud-Native Apps Without Losing Speed
We explore some difficulties in developing cloud-native apps, and explain how NGINX software helps you solve them by reducing tool sprawl, controlling costs with lightweight solutions, and enabling SecOps to provide DevOps with self-service security that integrates into CI/CD pipelines.
Can Application Security Be Pain Free?
Application security is hard, but there are some best practices to help you achieve it: automate as much as possible, build security as a guardrail instead of a gate, select solutions that provide easily understood insights, and make security adaptable, scalable, and reliable.
Achieving FIPS Compliance with NGINX Plus
We explain how to run NGINX Plus in compliance with the FIPS 140-2 Security Requirements for Cryptographic Modules standard, which specifies the cryptographic protocols that are accepted by the U.S. Federal government and many other organizations.