This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apigee without WAF, SQL injection protection?

Posted on 03-04-2020 07:24 AM
guycrets
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

All,

Apigee docs state that Apigee does not use a Web Application Firewall but rather is WAF.

Apigee does not leverage Google Cloud Armor or modsecurity or other underneath?

Trigger for the question is RegularExpressionProtection which seems insufficient to provide e.g. sufficient protection against SQL injection.

KR, Guy Crets

2 2 1,070
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
guycrets
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

During online Apigee meetup on Fri March 27, I learned that large customer (shipping company) also puts Akamai in front of its Apigee SAAS.

Apigee Sense might be part of the answer, but is not explicitly positioned for DDos.

But question goes broader: SQL injection, XSS, ... With no in-depth input from Apigee on suggested regex-es to use.

Posted on --/--/---- --:-- AM
in
New Member
Reply posted on --/--/---- --:-- AM

This is true. Apigee is not a WAF and there is no way to add custom RegExp to cover OWASP Top-10 and OWASP API Top-10 threats. I explained it in details in the following article: https://lab.wallarm.com/wallarm-connector-to-apigee-d45f9e38cd4e/

0 Likes