Kubernetes WAAP Version 1.13.0
This version includes the following modifications:
API Security
In this version multiple enhancements are provided for API Security protection:
Support for preflight requests (CORS mechanism): browsers send preflight requests automatically before certain cross-origin requests. A preflight is an HTTP request using the OPTIONS method and carrying the "Access-Control-Request-Method" header. Previously, if the OPTIONS method was not declared for the endpoint in the OpenAPI description, these requests were blocked by the API protection. Preflight support now accepts these browser-originated requests even when OPTIONS is not declared in the OpenAPI file.
Case-insensitive matching of API Catalog endpoints: by default, endpoint inspection is case-sensitive. It can now be switched to case-insensitive.
Circular references: OpenAPI files that contain circular references (schemas that reference themselves, directly or through other schemas) are now supported.
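The following is an added example, not KWAAP code, showing the two API Catalog behaviours described above on a constructed OpenAPI fragment: an OPTIONS request that carries Access-Control-Request-Method (and Origin, an extra check assumed here) is accepted as a CORS preflight even though no OPTIONS operation is declared, and path matching can be switched from case-sensitive to case-insensitive. Function and variable names are illustrative only.

```python
"""Added example (not KWAAP code): request-vs-OpenAPI check that accepts
CORS preflight requests and optionally matches paths case-insensitively."""
import re

# Constructed OpenAPI fragment; note that no OPTIONS operation is declared.
OPENAPI = {
    "paths": {
        "/api/v1/users/{id}": {"get": {}, "put": {}},
        "/api/v1/login": {"post": {}},
    }
}

HTTP_METHODS = {"GET", "PUT", "POST", "DELETE", "OPTIONS", "HEAD", "PATCH", "TRACE"}


def _path_regex(template: str, case_sensitive: bool):
    # "/api/v1/users/{id}" -> ^/api/v1/users/[^/]+$ ; a {param} segment matches one path segment
    segments = []
    for seg in template.strip("/").split("/"):
        is_param = seg.startswith("{") and seg.endswith("}")
        segments.append(r"[^/]+" if is_param else re.escape(seg))
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.compile("^/" + "/".join(segments) + "$", flags)


def is_cors_preflight(method: str, headers: dict) -> bool:
    # A browser preflight is an OPTIONS request carrying Access-Control-Request-Method.
    # Requiring Origin as well is an assumption of this example. Header names are
    # case-insensitive, so they are lower-cased before comparison.
    names = {k.lower() for k in headers}
    return (method.upper() == "OPTIONS"
            and "access-control-request-method" in names
            and "origin" in names)


def check_request(method: str, path: str, headers: dict, spec: dict = OPENAPI,
                  case_sensitive: bool = True, allow_preflight: bool = True):
    """Return (allowed, reason) for a request checked against the API catalog."""
    path = path.split("?", 1)[0]  # the query string is not part of the endpoint
    for template, operations in spec["paths"].items():
        if not _path_regex(template, case_sensitive).match(path):
            continue
        declared = {m.upper() for m in operations if m.upper() in HTTP_METHODS}
        if method.upper() in declared:
            return True, "method declared for endpoint"
        if allow_preflight and is_cors_preflight(method, headers):
            return True, "CORS preflight accepted although OPTIONS is not declared"
        return False, "method not declared for endpoint"
    # A preflight for an unknown endpoint is still rejected: the catalog is the authority.
    return False, "endpoint not in API catalog"
```

With `allow_preflight=False` the function reproduces the previous behaviour (preflight blocked because OPTIONS is absent from the specification); with `case_sensitive=False` a request to `/API/v1/Users/42` matches `/api/v1/users/{id}`.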
JWT Excludes
Verifying and validating JWT tokens protects against the intrusion of malicious traffic and against attacks such as token theft, token replay or unauthorized access.
JWT Whitelisting strengthens this protection: it adds more granular control of authorization, adds another layer of protection against denial-of-service (in combination with Activity Tracking) and allows a more flexible Security Policy to be built.
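The following is an added example, not KWAAP code and not a description of how KWAAP implements JWT Whitelisting, illustrating the checks a gateway performs to defeat the threats listed above: signature verification with a pinned algorithm (rejects alg=none), expiry, an issuer/audience allowlist, and a jti replay cache. The HS256 key, issuer, audience and the `make_token` minting helper are constructed for the demo.

```python
"""Added example (not KWAAP code): HS256 JWT verification with an
issuer/audience allowlist and a jti-based replay cache."""
import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"constructed-demo-hmac-key"           # assumption: secret shared with the issuer
ALLOWED_ISSUERS = {"https://idp.example.test"}    # constructed allowlist
ALLOWED_AUDIENCES = {"orders-api"}                # constructed allowlist


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes = DEMO_KEY, alg: str = "HS256") -> str:
    """Constructed minting helper; alg is a parameter only so a forged alg=none token can be built."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{body}.{_b64url_encode(sig)}"


class JwtValidator:
    def __init__(self, key: bytes, issuers, audiences, now=time.time):
        self.key, self.issuers, self.audiences, self.now = key, set(issuers), set(audiences), now
        self.seen_jti = {}  # jti -> exp; a real deployment needs a shared, bounded store

    def validate(self, token: str):
        """Return (True, claims) on success, (False, reason) otherwise."""
        parts = token.split(".")
        if len(parts) != 3:
            return False, "malformed token"
        h, b, s = parts
        try:  # binascii.Error and UnicodeDecodeError are both ValueError subclasses
            header = json.loads(_b64url_decode(h))
            claims = json.loads(_b64url_decode(b))
            signature = _b64url_decode(s)
        except ValueError:
            return False, "undecodable token"
        # Pin the algorithm: never trust the token's own "alg" to pick the verifier.
        if header.get("alg") != "HS256":
            return False, "algorithm not allowed"
        expected = hmac.new(self.key, f"{h}.{b}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        now = self.now()
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or now >= exp:
            return False, "expired or missing exp"
        if claims.get("iss") not in self.issuers:
            return False, "issuer not allowed"
        aud = claims.get("aud")
        auds = set(aud) if isinstance(aud, list) else {aud}
        if not auds & self.audiences:
            return False, "audience not allowed"
        jti = claims.get("jti")
        if not jti:
            return False, "missing jti"
        self._purge(now)
        if jti in self.seen_jti:       # same token presented twice: replay
            return False, "replayed token"
        self.seen_jti[jti] = exp       # remember until the token would have expired anyway
        return True, claims

    def _purge(self, now: float) -> None:
        for jti, exp in list(self.seen_jti.items()):
            if exp <= now:
                del self.seen_jti[jti]
```

The replay cache only needs to hold a jti until the token's exp, which bounds its size; any shared-cache deployment (several enforcer replicas) must use a common store or replay detection is per-replica only.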
Inspection of Parameter Name
The Expression engine and the Pattern engine can now be configured to skip the inspection of Query/Body parameter names.
KWAAP Backend Certificate Rotation
The KWAAP Enforcer containers, the KWAAP Validation Controller containers and Elastic all support certificate rotation.
KWAAP Enforcer HTTP Headers logged
KWAAP Enforcer can be configured to log specific HTTP headers in the access log and in the Security Events.
KWAAP Management Console
New options are available from the KWAAP GUI:
In Decoding Behavior: Base64 and URL decoding of multiply encoded attacks (payloads wrapped in several layers of encoding).
When a Security Violation occurs, the exclusion can be applied to multiple protections within the Security Profile at once.
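The following is an added example, not KWAAP code, showing why the multiple-encoding decoding behaviour matters: a payload URL-encoded twice, or Base64-encoded and then URL-encoded, passes a signature check that decodes only once, but is caught when every decoding layer is inspected. The signature set, the depth limit and the `encode_layers` attacker-side helper are constructed for the demo; the Base64 detection is a heuristic (shape check plus a readable-text requirement) and is an assumption of this example, not KWAAP's logic.

```python
"""Added example (not KWAAP code): inspect a parameter value through nested
URL / Base64 encoding layers, bounded by a depth limit."""
import base64
import binascii
import re
from urllib.parse import quote, unquote

MAX_DEPTH = 4  # assumption: bound on decoding rounds so attacker-chosen nesting cannot burn CPU

# Constructed, deliberately tiny signature set for the demo.
PATTERNS = [re.compile(p, re.IGNORECASE)
            for p in (r"<script\b", r"\bunion\s+(all\s+)?select\b", r"\.\./")]
_B64_SHAPE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def _try_base64(text: str):
    """Decode text as Base64 if it looks like Base64 and yields readable text, else None.
    Heuristic: short identifiers that happen to be valid Base64 are filtered by the
    readable-text check, but a false positive only costs one extra inspection pass."""
    if len(text) % 4 != 0 or not _B64_SHAPE.fullmatch(text):
        return None
    try:
        out = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return out if all(c.isprintable() or c.isspace() for c in out) else None


def decode_layers(value: str, max_depth: int = MAX_DEPTH):
    """Return [(depth, kind, text)] for the raw value and each decoding step that changed it."""
    layers = [(0, "raw", value)]
    current = value
    for depth in range(1, max_depth + 1):
        decoded, kind = unquote(current), "url"      # URL decoding first (percent escapes)
        if decoded == current:
            decoded, kind = _try_base64(current), "base64"
        if decoded is None or decoded == current:
            break                                     # nothing left to unwrap
        current = decoded
        layers.append((depth, kind, current))
    return layers


def inspect(value: str, max_depth: int = MAX_DEPTH) -> dict:
    """Run every signature over every decoding layer; report the first hit."""
    for depth, kind, text in decode_layers(value, max_depth):
        for pattern in PATTERNS:
            if pattern.search(text):
                return {"blocked": True, "depth": depth, "encoding": kind, "pattern": pattern.pattern}
    return {"blocked": False, "depth": None, "encoding": None, "pattern": None}


def encode_layers(payload: str, kinds) -> str:
    """Constructed attacker-side helper: wrap payload in the listed encodings, innermost first."""
    out = payload
    for kind in kinds:
        if kind == "url":
            out = quote(out, safe="")
        elif kind == "base64":
            out = base64.b64encode(out.encode("utf-8")).decode("ascii")
        else:
            raise ValueError(f"unknown encoding {kind}")
    return out
```

Calling `inspect(value, max_depth=1)` models an engine that decodes once: a double URL-encoded `<script>` is not flagged, while the default depth catches it at the second layer. The depth bound is the important caveat: without it, an attacker can submit values that decode many times and turn the decoder into a CPU sink.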