NGINX DevSecOps Workshop

Nov 13, 20200 likes192 views

This document provides an agenda and overview for an NGINX App Protect workshop. It includes: 1. An overview of NGINX and its application platform capabilities for developing and delivering digital experiences. 2. A demonstration and overview of the hands-on lab where attendees can get experience with NGINX App Protect. 3. The hands-on lab itself which attendees participate in for a live experience securing applications with NGINX App Protect.

Technology

NGINX
App Protect
DevOps
Workshop
Jesse Goodier
NGINX Solutions Architect
November 4, 2020

2
Agenda
1. NGINX Overview
2. Demo and overview of lab
3. Hands-on lab

NGINX
Application
Platform
A suite of technologies to
develop and deliver digital
experiences that span from
legacy, monolithic apps to
modern, microservices apps.

ENTERPRISE SOLUTIONS WITH DYNAMIC MODULES
• Enterprise class visibility with 90+ additional
metrics
• JWT Authentication
• Native OpenID Connect support
• Active health checks on status code
and response body
• Service discovery using DNS
• Key value store (dynamic IP black-listing,
blue/green deployments)
• Dynamic reconfiguration—zero downtime
• Session persistence based on cookie
NGINX Plus

New From F5!
NGINX App Protect
 High performing
 Security protection beyond signatures
 Trusted Signatures from F5
 Simple CI/CD integration
 Designed for modern infrastructures
 Rapid feedback loop for security remediations
 Unified F5 declarative interface
 Security statistics via syslog
 Backed by F5 Support
Manage
CI/CD
Friendly
Secure

Declarative Policy Helps CI/CD Motion
INFRASTRUCTURE AND SECURITY AS CODE
Source Code Repository CI/CD Pipeline Tool IT Automation
Application code/config for App X
security policy/config for App X
Pipeline for build/test/deploy of App X
Ansible playbook for deployment
of App X with its app services
Owned by SecOps Operated by DevOps
{
"entityChanges": {
"type": "explicit"
},
"entity": {
"name": "bak"
},
"entityKind":
"tm:asm:policies:filetypes:filetypestate",
"action": "delete",
"description": "Delete Disallowed File Type"
}

NGINX App Protect Performance
0
0.5
1
1.5
2
2.5
Throughput (MB/sec)
No Protection NGINX App Protect ModSec
0
2000
4000
6000
8000
10000
12000
14000
Requests/sec
No Protection NGINX App Protect ModSec
0
100
200
300
400
500
600
700
800
Latency (ms)
No Protection NGINX App Protect ModSec
Comprehensive security policy has no impact on latency, and offers better throughput and
requests/second when compared to ModSec
• ModSec Configuration: OWASP Top 10 (enable all CRS 3v rules)
• NGINX App Protect Configuration: OWASP Top 10 (Enable signatures), Evasion technique, Data Guard, Disallowed file types,
HTTP protocol compliance

11
• NGINX commonly used as Ingress
Controller
• Dynamic reconfiguration of endpoints
(no configuration reloading)
• Additional metrics, provided by a
streamlined Prometheus exporter
• Dedicated Helm chart repository
• Support for Custom resources to expose
more (all) NGINX Plus features as an
Ingress
An advanced Layer 7 load-balancing solution for exposing Kubernetes services
to the Internet
Kubernetes Ingress Controller

CONFIDENTIAL
Kubernetes Ingress Controllers
https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md

14
Hands-On Workshop
To launch the lab, go to https://udf.f5.com and look for NGINX Workshop.
Use chat or come off mute if you have any questions and we can help you in a breakout room.
If you do not see the workshop listed on UDF, please send us your email and the system will send
you an invitation.
We are here to help.
Login to windows jump host as user/user
use web shell
su ubuntu
cd
<ctrl><shift>v to paste on windows

More Related Content

What's hot (20)

PDF

Kubernetes and the NGINX Plus Ingress ControllerKatherine Bagood

PDF

Get the Most Out of Kubernetes with NGINXNGINX, Inc.

PDF

How to Get Started With NGINXNGINX, Inc.

PPTX

API Workloads on Kubernetes | Show Code Part 4NGINX, Inc.

PPTX

NGINX Basics: Ask Me Anything – EMEANGINX, Inc.

PPTX

NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood

PPTX

Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.

PPTX

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar

PDF

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX, Inc.

PPTX

NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.

PDF

Découvrez NGINX AppProtectNGINX, Inc.

PPTX

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.

PDF

API Gateway Use Cases for KubernetesNGINX, Inc.

PPTX

Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.

PDF

Application Security with NGINXNGINX, Inc.

PPTX

Production-Grade Kubernetes With NGINX Ingress ControllerNGINX, Inc.

PPTX

NGINX Unit at Scale: Use Cases and the Future of UnitNGINX, Inc.

PDF

Securing Your Apps & APIs in the CloudOlivia LaMar

PDF

Fundamentals of microservicesNGINX, Inc.

PDF

Securing k8s With Kubernetes GoatMuhammad Yuga Nugraha

Kubernetes and the NGINX Plus Ingress ControllerKatherine Bagood

Get the Most Out of Kubernetes with NGINXNGINX, Inc.

How to Get Started With NGINXNGINX, Inc.

API Workloads on Kubernetes | Show Code Part 4NGINX, Inc.

NGINX Basics: Ask Me Anything – EMEANGINX, Inc.

NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controllerKatherine Bagood

Migrating from BIG-IP Deployment to NGINX ADCNGINX, Inc.

Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX, Inc.

NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX, Inc.

Découvrez NGINX AppProtectNGINX, Inc.

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.

API Gateway Use Cases for KubernetesNGINX, Inc.

Flexible, Powerful, and Easy-to-Use Ingress Load Balancing with NGINX and Ope...NGINX, Inc.

Application Security with NGINXNGINX, Inc.

Production-Grade Kubernetes With NGINX Ingress ControllerNGINX, Inc.

NGINX Unit at Scale: Use Cases and the Future of UnitNGINX, Inc.

Securing Your Apps & APIs in the CloudOlivia LaMar

Fundamentals of microservicesNGINX, Inc.

Securing k8s With Kubernetes GoatMuhammad Yuga Nugraha

Similar to NGINX DevSecOps Workshop (20)

PDF

Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak

PDF

Automate NGINX with DevOps ToolsSupachai Jaturaprom

PDF

Deep Dive: Automating the Application and Security Pipeline with NGINX and An...NGINX, Inc.

PPTX

Accelerating Your Web Application with NGINXKevin Jones

PDF

IDM Crack 2025 Internet Download Manger Patchwistrendugftr

PDF

IObit Uninstaller Pro Crack 13.2.0.5 + Key Download 2025maharajput103

PDF

Ableton Live Suite Crack Free Download 2025emaanhashmi468

PDF

Movavi Screen Recorder Studio 22.5.2 Crackaladdinkhana47

PDF

What's New with NGINX Application Security SolutionsNGINX, Inc.

PDF

NGINX: The Past, Present and Future of the Modern WebKevin Jones

PDF

ITB2017 - Nginx ppf intothebox_2017Ortus Solutions, Corp

PPTX

NGINX Kubernetes Ingress Controller: Getting Started – EMEAAine Long

PDF

Application Security with NGINX | APACNGINX, Inc.

PPTX

What's New in NGINX Plus R10?NGINX, Inc.

PPTX

Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.

PPTX

Flawless Application Delivery with NGINX PlusPeter Guagenti

PPTX

Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz

PDF

NGINX Ingress Controller for KubernetesNGINX, Inc.

PDF

NGINX ADC: Basics and Best Practices – EMEANGINX, Inc.

PPTX

Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.

Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak

Automate NGINX with DevOps ToolsSupachai Jaturaprom

Deep Dive: Automating the Application and Security Pipeline with NGINX and An...NGINX, Inc.

Accelerating Your Web Application with NGINXKevin Jones

IDM Crack 2025 Internet Download Manger Patchwistrendugftr

IObit Uninstaller Pro Crack 13.2.0.5 + Key Download 2025maharajput103

Ableton Live Suite Crack Free Download 2025emaanhashmi468

Movavi Screen Recorder Studio 22.5.2 Crackaladdinkhana47

What's New with NGINX Application Security SolutionsNGINX, Inc.

NGINX: The Past, Present and Future of the Modern WebKevin Jones

ITB2017 - Nginx ppf intothebox_2017Ortus Solutions, Corp

NGINX Kubernetes Ingress Controller: Getting Started – EMEAAine Long

Application Security with NGINX | APACNGINX, Inc.

What's New in NGINX Plus R10?NGINX, Inc.

Accélérez vos déploiements applicatifs avec NGINX ControllerNGINX, Inc.

Flawless Application Delivery with NGINX PlusPeter Guagenti

Gain multi-cloud versatility with software load balancing designed for cloud-...Ashnikbiz

NGINX Ingress Controller for KubernetesNGINX, Inc.

NGINX ADC: Basics and Best Practices – EMEANGINX, Inc.

Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.

More from NGINX, Inc. (20)

PDF

【NGINXセミナー】　Ingressを使ってマイクロサービスの運用を楽にする方法NGINX, Inc.

PDF

【NGINXセミナー】 NGINXのWAFとは？その使い方と設定方法　解説セミナーNGINX, Inc.

PDF

【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法NGINX, Inc.

PPTX

Get Hands-On with NGINX and QUIC+HTTP/3NGINX, Inc.

PPTX

Managing Kubernetes Cost and Performance with NGINX & KubecostNGINX, Inc.

PDF

Manage Microservices Chaos and Complexity with ObservabilityNGINX, Inc.

PDF

Accelerate Microservices Deployments with AutomationNGINX, Inc.

PDF

Unit 2: Microservices Secrets Management 101NGINX, Inc.

PDF

Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesNGINX, Inc.

PDF

NGINX基本セミナー（セキュリティ編）～NGINXでセキュアなプラットフォームを実現する方法！NGINX, Inc.

PDF

Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.

PDF

NGINXセミナー（基本編）～いまさら聞けないNGINXコンフィグなど基本がわかる！NGINX, Inc.

PDF

Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXNGINX, Inc.

PPTX

Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...NGINX, Inc.

PPTX

Protecting Apps from Hacks in Kubernetes with NGINXNGINX, Inc.

PPTX

NGINX Kubernetes APINGINX, Inc.

PPTX

Successfully Implement Your API Strategy with NGINXNGINX, Inc.

PPTX

Installing and Configuring NGINX Open SourceNGINX, Inc.

PPTX

Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.

PPTX

How to Avoid the Top 5 NGINX Configuration Mistakes.pptxNGINX, Inc.

【NGINXセミナー】　Ingressを使ってマイクロサービスの運用を楽にする方法NGINX, Inc.

【NGINXセミナー】 NGINXのWAFとは？その使い方と設定方法　解説セミナーNGINX, Inc.

【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法NGINX, Inc.

Get Hands-On with NGINX and QUIC+HTTP/3NGINX, Inc.

Managing Kubernetes Cost and Performance with NGINX & KubecostNGINX, Inc.

Manage Microservices Chaos and Complexity with ObservabilityNGINX, Inc.

Accelerate Microservices Deployments with AutomationNGINX, Inc.

Unit 2: Microservices Secrets Management 101NGINX, Inc.

Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesNGINX, Inc.

NGINX基本セミナー（セキュリティ編）～NGINXでセキュアなプラットフォームを実現する方法！NGINX, Inc.

Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.

NGINXセミナー（基本編）～いまさら聞けないNGINXコンフィグなど基本がわかる！NGINX, Inc.

Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXNGINX, Inc.

Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...NGINX, Inc.

Protecting Apps from Hacks in Kubernetes with NGINXNGINX, Inc.

NGINX Kubernetes APINGINX, Inc.

Successfully Implement Your API Strategy with NGINXNGINX, Inc.

Installing and Configuring NGINX Open SourceNGINX, Inc.

Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.

How to Avoid the Top 5 NGINX Configuration Mistakes.pptxNGINX, Inc.

Recently uploaded (20)

PDF

“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance

PDF

"Scaling in space and time with Temporal", Andriy Lupa.pdfFwdays

PDF

GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdfPriyanka Aash

DOCX

Daily Lesson Log MATATAG ICT TEchnology 8LOIDAALMAZAN3

PPTX

Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance

PPTX

Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante

PDF

9-1-1 Addressing: End-to-End Automation Using FMESafe Software

PDF

Cyber Defense Matrix Workshop - RSA ConferencePriyanka Aash

PPTX

UserCon Belgium: Honey, VMware increased my billstijn40

PDF

Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical UniversesSaikat Basu

PDF

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

PDF

From Manual to Auto Searching- FME in the Driver's SeatSafe Software

PDF

PyCon SG 25 - Firecracker Made Easy with Python.pdfMuhammad Yuga Nugraha

PDF

Quantum AI: Where Impossible Becomes ProbableSaikat Basu

PDF

Raman Bhaumik - Passionate Tech EnthusiastRaman Bhaumik

PDF

The Growing Value and Application of FME & GenAISafe Software

PPTX

Wenn alles versagt - IBM Tape schützt, was zählt! Und besonders mit dem neust...Josef Weingand

PDF

Using the SQLExecutor for Data Quality Management: aka One man's love for the...Safe Software

PDF

Python Conference Singapore - 19 Jun 2025ninefyi

PDF

Smarter Aviation Data Management: Lessons from Swedavia Airports and SwecoSafe Software

“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance

"Scaling in space and time with Temporal", Andriy Lupa.pdfFwdays

GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdfPriyanka Aash

Daily Lesson Log MATATAG ICT TEchnology 8LOIDAALMAZAN3

Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance

Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante

9-1-1 Addressing: End-to-End Automation Using FMESafe Software

Cyber Defense Matrix Workshop - RSA ConferencePriyanka Aash

UserCon Belgium: Honey, VMware increased my billstijn40

Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical UniversesSaikat Basu

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

From Manual to Auto Searching- FME in the Driver's SeatSafe Software

PyCon SG 25 - Firecracker Made Easy with Python.pdfMuhammad Yuga Nugraha

Quantum AI: Where Impossible Becomes ProbableSaikat Basu

Raman Bhaumik - Passionate Tech EnthusiastRaman Bhaumik

The Growing Value and Application of FME & GenAISafe Software

Wenn alles versagt - IBM Tape schützt, was zählt! Und besonders mit dem neust...Josef Weingand

Using the SQLExecutor for Data Quality Management: aka One man's love for the...Safe Software

Python Conference Singapore - 19 Jun 2025ninefyi

Smarter Aviation Data Management: Lessons from Swedavia Airports and SwecoSafe Software

NGINX DevSecOps Workshop

1. NGINX App Protect DevOps Workshop Jesse Goodier NGINX Solutions Architect November 4, 2020

2. 2 Agenda 1. NGINX Overview 2. Demo and overview of lab 3. Hands-on lab

4. NGINX Application Platform A suite of technologies to develop and deliver digital experiences that span from legacy, monolithic apps to modern, microservices apps.

6. ENTERPRISE SOLUTIONS WITH DYNAMIC MODULES • Enterprise class visibility with 90+ additional metrics • JWT Authentication • Native OpenID Connect support • Active health checks on status code and response body • Service discovery using DNS • Key value store (dynamic IP black-listing, blue/green deployments) • Dynamic reconfiguration—zero downtime • Session persistence based on cookie NGINX Plus

7. New From F5! NGINX App Protect  High performing  Security protection beyond signatures  Trusted Signatures from F5  Simple CI/CD integration  Designed for modern infrastructures  Rapid feedback loop for security remediations  Unified F5 declarative interface  Security statistics via syslog  Backed by F5 Support Manage CI/CD Friendly Secure

8. Deployment options

9. Declarative Policy Helps CI/CD Motion INFRASTRUCTURE AND SECURITY AS CODE Source Code Repository CI/CD Pipeline Tool IT Automation Application code/config for App X security policy/config for App X Pipeline for build/test/deploy of App X Ansible playbook for deployment of App X with its app services Owned by SecOps Operated by DevOps { "entityChanges": { "type": "explicit" }, "entity": { "name": "bak" }, "entityKind": "tm:asm:policies:filetypes:filetypestate", "action": "delete", "description": "Delete Disallowed File Type" }

10. NGINX App Protect Performance 0 0.5 1 1.5 2 2.5 Throughput (MB/sec) No Protection NGINX App Protect ModSec 0 2000 4000 6000 8000 10000 12000 14000 Requests/sec No Protection NGINX App Protect ModSec 0 100 200 300 400 500 600 700 800 Latency (ms) No Protection NGINX App Protect ModSec Comprehensive security policy has no impact on latency, and offers better throughput and requests/second when compared to ModSec • ModSec Configuration: OWASP Top 10 (enable all CRS 3v rules) • NGINX App Protect Configuration: OWASP Top 10 (Enable signatures), Evasion technique, Data Guard, Disallowed file types, HTTP protocol compliance

11. 11 • NGINX commonly used as Ingress Controller • Dynamic reconfiguration of endpoints (no configuration reloading) • Additional metrics, provided by a streamlined Prometheus exporter • Dedicated Helm chart repository • Support for Custom resources to expose more (all) NGINX Plus features as an Ingress An advanced Layer 7 load-balancing solution for exposing Kubernetes services to the Internet Kubernetes Ingress Controller

12. CONFIDENTIAL Kubernetes Ingress Controllers https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/nginx-ingress-controllers.md

13. 13 Workshop Overview

14. 14 Hands-On Workshop To launch the lab, go to https://udf.f5.com and look for NGINX Workshop. Use chat or come off mute if you have any questions and we can help you in a breakout room. If you do not see the workshop listed on UDF, please send us your email and the system will send you an invitation. We are here to help. Login to windows jump host as user/user use web shell su ubuntu cd <ctrl><shift>v to paste on windows

NGINX DevSecOps Workshop

Recommended

More Related Content

What's hot (20)

Similar to NGINX DevSecOps Workshop (20)

More from NGINX, Inc. (20)

Recently uploaded (20)

NGINX DevSecOps Workshop