Listen to the latest episode of the Secure Developer podcastListen now


Web Application Firewall – Friend of your DevOps pipeline?

with Franziska Buehler


Web Application Firewalls (WAF) often raise concern about false positives, latency and other potential production problems. In addition, it is often said, that DevOps and WAF do not fit together. That is a pity since the WAF helps to protect us from web application attacks, like those described by the OWASP Top Ten. But what if you could ensure that introducing and using a WAF went smoothly?

I will show how to integrate a WAF with WAF testing automation into a continuous integration (CI) pipeline. This pipeline ensures that developers receive early and often feedback about their WAF, saves them time and headaches down the line. In fact, DevOps, testing and automation only make sense if all components are part of the process.

Needless to mention, I as an [OWASP Core Rule Set (CRS)]( developer and enthusiast introduced the CRS to [Puzzle ITC]( when I joined them in 2019! By providing YAML templates, we want to make it easy for developers to introduce WAFs into projects.



OWASP Top 10
Web Security

Franziska Buehler

CISO at Puzzle ITC

About Franziska Buehler

Franziska is a security enthusiast. She has been in the cybersecurity space for over ten years working mainly in the field of defensive security. As a member of Puzzle ITC she pursues her passion for security, DevOps and open source software.

She has a strong background in web application firewalls (WAFs) from her extensive experience as a webserver engineer and as a co-developer of the OWASP ModSecurity Core Rule Set (CRS). As part of the OWASP DevSlop team she integrated CRS into a Continuous Integration pipeline, to provide developers the chance to tune their WAF earlier in the SDLC.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy