
OAShield

When it comes to API security, it pays to be POSITIVE!

Convert your existing OpenAPI / Swagger specifications into Web Application Firewall (WAF) rules automatically! Because the generated rules only admit the endpoints, methods and parameters the specification describes (a positive security model), OAShield helps minimize the attack surface available to bad actors. It can be used alongside traditional, signature-based rule sets such as the OWASP Core Rule Set.

Additional Background and Information

OAShield is free and Open Source! See the license at:

Apache 2.0 License

OAShield Features

HTTP Method Restriction

Only the HTTP methods defined for an individual REST endpoint are allowed; any other method sent to that endpoint is rejected.

Parameter Validation

Don't let attackers send in any parameters they want. Instead, restrict the accepted parameters to exactly those declared for each endpoint, so undeclared parameters are rejected.

Data Type Checking

OAShield rules act as positive input validation for REST applications. Each parameter value is validated against the pattern defined for it in the OpenAPI spec; where no pattern is defined, a default validation derived from the parameter's data type and any other value restrictions in the specification (such as length or range limits) is applied instead.

Unknown Endpoint Rejection

Requests to any endpoint not present in the specification are rejected by default. Fails closed, not open!
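To make the four checks above concrete, here is an added Python illustration (written for this page; it is not OAShield's own code and does not reproduce its rule output format) that reads a small, constructed OpenAPI 3 fragment and evaluates sample requests against it the way the generated positive rules would: unknown endpoint, undefined method, undeclared or missing parameter, and value that fails its pattern or type. The per-type default validators, the printable-ASCII fallback for strings without a pattern, and the `check_request` helper are assumptions of this example, not OAShield's actual defaults.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed OpenAPI 3 fragment used only for this illustration (not from the OAShield project).
SPEC = json.loads(r"""
{
  "openapi": "3.0.0",
  "paths": {
    "/users/{id}": {
      "get": {
        "parameters": [
          {"name": "id", "in": "path", "required": true,
           "schema": {"type": "integer", "minimum": 1}},
          {"name": "fields", "in": "query", "required": false,
           "schema": {"type": "string", "pattern": "^[a-z_,]{1,64}$"}}
        ]
      }
    },
    "/search": {
      "get": {
        "parameters": [
          {"name": "q", "in": "query", "required": true,
           "schema": {"type": "string", "maxLength": 32}}
        ]
      }
    }
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Assumed default validators applied when the spec gives no explicit pattern.
TYPE_DEFAULTS = {
    "integer": r"^-?[0-9]{1,18}$",
    "number": r"^-?[0-9]{1,18}(\.[0-9]{1,18})?$",
    "boolean": r"^(true|false)$",
    "string": r"^[\x20-\x7e]*$",  # printable ASCII only (assumption for this example)
}


def value_ok(value, schema):
    """Validate one parameter value: explicit pattern first, otherwise the assumed
    default for its type, then enum, length and numeric range restrictions."""
    typ = schema.get("type", "string")
    pattern = schema.get("pattern") or TYPE_DEFAULTS.get(typ)
    if pattern is None or not re.fullmatch(pattern, value):
        return False
    if "enum" in schema and value not in [str(e) for e in schema["enum"]]:
        return False
    if typ == "string":
        if len(value) > schema.get("maxLength", float("inf")):
            return False
        if len(value) < schema.get("minLength", 0):
            return False
    if typ in ("integer", "number"):
        n = float(value)
        if n < schema.get("minimum", float("-inf")) or n > schema.get("maximum", float("inf")):
            return False
    return True


def compile_paths(spec):
    """Turn each path template into an anchored regex; {name} matches exactly one segment."""
    routes = []
    for template, item in spec["paths"].items():
        parts = []
        for seg in template.strip("/").split("/"):
            if seg.startswith("{") and seg.endswith("}"):
                parts.append("(?P<%s>[^/]+)" % seg[1:-1])
            else:
                parts.append(re.escape(seg))
        routes.append((re.compile("^/" + "/".join(parts) + "$"), item))
    return routes


def check_request(method, url, spec=SPEC):
    """Return (allowed, reason) for a request, failing closed on anything undeclared."""
    parts = urlsplit(url)
    for regex, item in compile_paths(spec):
        m = regex.match(parts.path)
        if m:
            break
    else:
        return False, "unknown endpoint %s" % parts.path
    verb = method.lower()
    # Check HTTP_METHODS first so a path-item key like "parameters" can never pass as a verb.
    if verb not in HTTP_METHODS or verb not in item:
        return False, "method %s not defined for %s" % (method.upper(), parts.path)
    op = item[verb]
    declared = {(p["in"], p["name"]): p
                for p in item.get("parameters", []) + op.get("parameters", [])}
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in query:  # any query parameter the spec does not declare is rejected
        if ("query", name) not in declared:
            return False, "unexpected query parameter %r" % name
    for (loc, name), p in declared.items():
        if loc == "query":
            values = query.get(name, [])
        elif loc == "path":
            values = [m.group(name)]
        else:
            continue  # header/cookie parameters are out of scope for this example
        if not values and p.get("required", False):
            return False, "missing required parameter %r" % name
        for v in values:
            if not value_ok(v, p.get("schema", {})):
                return False, "invalid value %r for parameter %r" % (v, name)
    return True, "allowed"


if __name__ == "__main__":
    for req in [("GET", "/users/42?fields=name,email"), ("DELETE", "/users/42"),
                ("GET", "/users/42?debug=1"), ("GET", "/users/abc"),
                ("GET", "/admin"), ("GET", "/search")]:
        print(req, "->", check_request(*req))
```

Note the limit of a positive model on its own: a short `q=' OR 1=1 --` value for `/search` is within the declared length and character set and is therefore allowed by the schema checks. That shape-only validation is why the page recommends pairing OAShield rules with a signature-based set such as the OWASP Core Rule Set.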

DevSecOps Friendly

Use CI/CD automation flows to regenerate the rules from the most recent version of the API specification and publish them to the WAF automatically, ensuring that your protection stays in step with the API it protects!