Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Dec 4, 2016
As web applications evolve and grow in complexity and ubiquity, the need to develop performant web application firewall (WAF) solutions as grown as well. This talk will focus on the history and use of Lua in open source WAF solutions. We will discuss how the Apache (and now platform-agnostic) ModSecurity leverages embeded Lua to provide rule authors a powerful extension to the ModSecurity DSL. We will also discuss how developments in the OpenResty community allow for the development of complex Lua applications in the context of the Nginx proxy ecosystem, and examine one such project (lua-resty-waf) in close detail, discussing performance, comparing its feature set with existing open source WAF projects, and discussing the role Lua and LuaJIT plays in optimizing execution times.