BunkerWeb: Open-source Web Application Firewall (WAF)
BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable by a third party and the community.
“The genesis of BunkerWeb comes from the following problem: every time someone from my team or I had to put a web application online, we had to apply good security practices by hand. This process was not only time-consuming but also prone to human error. Since no open-source WAF met the needs, we created it ourselves. As the solution evolves, we can now say that it meets our needs and those of others around the world,” Florian Pitance, CEO of Bunkerity, told Help Net Security.
Open-source WAF features
In addition to being an open-source WAF with security features, BunkerWeb is a full-fledged web server. With a comprehensive configuration system, you can tailor it to meet your most specific needs.
“Our modular architecture allows anyone to extend the functionality of BunkerWeb. For example, we provide plugins allowing you to interconnect with other security solutions such as Antivirus. We encourage the community to develop new plugins, notice to amateurs! Another advantage is the fact of being able to host your Web Application Firewall on-premise or wherever you want in order to ensure the sovereignty of your data and compliance with various regulations such as the GDPR,” said Pitance.
Future plans and download
“In the short term, we will release a new version of BunkerWeb, mainly focusing on the user experience aspect. The objective is to make the use and administration of BunkerWeb more fluid while still allowing the possibility of controlling everything if necessary. Still with the same objective, we are about to offer a fully managed SaaS version of BunkerWeb, which is currently being tested in the beta version. As for the longer term, we prefer to keep the surprise, but rest assured that there will be great things,” Pitance concluded.
BunkerWeb is available for free download on GitHub.
Must read:
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time