In the second post in our API gateway series, Liam shows you how to batten down the hatches on your API services. You can use rate limiting, access restrictions, request size limits, and request body validation to frustrate illegitimate or overly burdensome requests.
Threat Visibility and Analytics with NGINX Controller App Security
We explain how NGINX Controller App Security for application delivery provides threat visibility and actionable analytics, enabling SecOps to prevent potential threats, respond in a timely way, and mitigate false positives, resulting in an improved app security posture.
Introducing the NGINX Controller App Security Add-On for Application Delivery
We introduce the NGINX Controller App Security add-on for Controller Application Delivery, which provides an app-centric, self-service way for app teams to enable WAF protection for their apps, while security teams can still define policies and monitor apps for compliance.
Secure Cloud-Native Apps Without Losing Speed
We explore some difficulties in developing cloud-native apps, and explain how NGINX software helps you solve them by reducing tool sprawl, controlling costs with lightweight solutions, and enabling SecOps to provide DevOps with self-service security that integrates into CI/CD pipelines.
Can Application Security Be Pain Free?
Application security is hard, but there are some best practices to help you achieve it: automate as much as possible, build security as a guardrail instead of a gate, select solutions that provide easily understood insights, and make security adaptable, scalable, and reliable.
Achieving FIPS Compliance with NGINX Plus
We explain how to run NGINX Plus in compliance with the FIPS 140-2 Security Requirements for Cryptographic Modules standard, which specifies the cryptographic protocols that are accepted by the U.S. Federal government and many other organizations.
Integrating Fortanix Self-Defending KMS with NGINX and NGINX Plus
With the Fortanix Self-Defending Key Management Service, you can offload TLS crytographic processing from your NGINX and NGINX Plus servers, and safely store your TLS keys for on-demand uploading into the NGINX Plus key-value store. We provide complete instructions for both use cases.
Securing Your Apps in Kubernetes with NGINX App Protect
With NGINX Plus Ingress Controller for Kubernetes release 1.8.0, NGINX App Protect can be embedded in the Ingress Controller. This puts WAF protection closer to applications, which is crucial in modern app environments like Kubernetes. It also enables automation and reduces complexity and cost.
The Importance of Securing Real-Time APIs
A combination of factors makes APIs rich targets for security attacks. We discuss methods for securing APIs throughout their lifecycle, from design and development through delivery, using WAFs, bot protection, API management tools, and API gateways.
Agile Perimeter Security with NGINX App Protect
Establishing a security perimeter around your intranet is no longer enough to protect your apps. We show how to configure NGINX App Protect to establish the perimeter around individual apps as required by today's distributed applications and Zero Trust security mode