Traefik Labs Joins OWASP and Integrates Coraza and Core Rule Set Projects


Traefik Labs

Tuesday, March 19, 2024

Addresses crucial role of Web Application Firewall (WAF) in modern API infrastructure and integrates two leading OWASP projects into Traefik OSS stack

KubeCon, PARIS, March 19, 2024 – Traefik Labs, creator of the world’s most popular cloud-native application proxy, today announced a significant addition to their portfolio that addresses the escalating cyber threats to modern API infrastructure.

“We are at a pivotal moment in the evolution of digital infrastructure, where the integration of robust security measures within our API gateways is not just an option, but a necessity,” said Sudeep Goswami, CEO of Traefik Labs. “By weaving the Coraza WAF and the OWASP Core Rule Set directly into Traefik Proxy v3, we are not merely responding to the current cybersecurity landscape but are proactively setting a new benchmark for API security. This step reaffirms our dedication to providing the most secure, cutting-edge solutions to our users, ensuring they remain not just compliant, but ahead of the curve in the face of emerging cyber threats.”

By scrutinizing incoming traffic to block malicious requests before they can exploit any vulnerabilities, WAFs have been instrumental in safeguarding web applications and APIs, particularly excelling in thwarting older, yet persistently dangerous attack methods such as injection and security misconfigurations.

Recognizing the complementary strengths of API gateways and WAFs, Traefik Labs has taken a pioneering step towards fortifying API security with an innovative integration. The company has introduced the capability to incorporate a WAF directly at the API Gateway layer.

Integrating a WAF at the API Gateway layer enhances runtime protection and establishes a comprehensive security posture that is resilient against a wide array of cyber threats. Available to users of Traefik Proxy v3 open source, this innovation integrates two OWASP projects: Coraza WAF and the Core Rule Set.

“The integration of Coraza into Traefik Proxy represents a significant leap forward in our mission to democratize high-level security for web applications and APIs,” stated José Carlos Chávez, co-leader of the Coraza project. “This collaboration with Traefik Labs showcases the power of open source innovation, merging our expertise in WAF technologies with their leadership in cloud-native application proxy solutions. Together, we’re not just enhancing security; we’re redefining what developers can expect from their infrastructure in terms of protection, performance, and ease of use.”

This initial release lays the foundation for future enhancements and signifies Traefik Labs’ commitment to aligning with the evolving PCI DSS v4.0 standards. With WAF transitioning from a best-practice to a PCI DSS compliance requirement by March 2025, Traefik Labs is not only ahead of the curve but is also setting a new standard in API security, ensuring that organizations are well-equipped to face the cyber challenges of today and tomorrow.

For more information, visit the Traefik Labs Blog.

About Traefik Labs Traefik Labs helps organizations adopt and scale cloud-native architectures by providing a modern, intuitive, and open platform that reimagines application connectivity and API management, paving the way for seamless operations and enhanced productivity. Traefik’s flagship open source project, Traefik Proxy, is used by the world’s largest enterprises and is one of Docker Hub’s top 10 projects, with over 3 billion downloads. Founded in 2016, Traefik Labs is backed by investors including Balderton Capital, Elaia, 360 Capital Partner, and Kima Ventures. For more information, visit and follow @traefik on Twitter.