Imperva API Security

Compatible Protocols: http, https
Third Party: This plugin is developed, tested, and maintained by Imperva.

The Imperva API Security plugin connects Kong Gateway with the Imperva API Security service, providing continuous discovery and monitoring of APIs exposed by Kong Gateway. This enables security teams to protect business applications and data against unauthorized access.

The plugin operates with a very low CPU and memory footprint, avoiding any negative impact on the inline performance of the Gateway or your applications.

How the Imperva plugin works

Here’s how the Imperva API Security plugin works:

  1. The plugin captures API calls with request/response payloads and sends them to the Imperva API Security service for inspection.
  2. API calls are copied and streamed through Kong Gateway.
  3. You provide the API Security receiver service destination address and port through the plugin’s configuration, so the API data is kept under the control of the application owner. Additional parameters are used to control how the API captures are sent.

Install the Imperva plugin

You can install the Imperva API Security plugin via LuaRocks. A Lua plugin is distributed in .rock format, which is a self-contained package that can be installed locally or from a remote server.

  1. Install the Imperva API Security plugin:

    luarocks install imp-appsec-connector
    
  2. Update your loaded plugins list in Kong Gateway.

    In your kong.conf, append imp-appsec-connector to the plugins field. Make sure the field isn’t commented out.

    plugins = bundled,imp-appsec-connector
    
  3. Restart Kong Gateway:

    kong restart
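
One way to check step 2 before restarting, as an added example that is not part of the Kong or Imperva documentation: the hypothetical `plugin_enabled` function confirms that a `kong.conf` has exactly one uncommented `plugins` line and that it lists the plugin by exact name. The file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the Kong or Imperva docs).
# plugin_enabled CONF NAME
#   0 = NAME is listed on the single uncommented "plugins" line
#   1 = not listed, or the only "plugins" lines are commented out
#   2 = more than one uncommented "plugins" line (ambiguous, review by hand)
plugin_enabled() {
    conf=$1
    name=$2
    # Uncommented "plugins = ..." lines only; "#plugins = ..." never matches.
    lines=$(sed -n 's/^[[:space:]]*plugins[[:space:]]*=//p' "$conf")
    [ -n "$lines" ] || return 1
    [ "$(printf '%s\n' "$lines" | grep -c '')" -eq 1 ] || return 2
    # Drop a trailing "# comment", split on commas, trim each entry, then
    # require an exact match so "imp-appsec-connector-old" does not count.
    printf '%s\n' "${lines%%#*}" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq -- "$name"
}

# Demo on a constructed kong.conf written to a temporary file.
demo_conf=$(mktemp)
printf '%s\n' '#plugins = bundled' \
    'plugins = bundled, imp-appsec-connector  # Imperva' > "$demo_conf"
if plugin_enabled "$demo_conf" imp-appsec-connector; then
    echo "imp-appsec-connector is enabled in $demo_conf"
fi
rm -f "$demo_conf"
```

Kong Gateway also reads settings from `KONG_`-prefixed environment variables, so a `KONG_PLUGINS` value set in the service environment needs the same entry.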
    

If you are using the Kong Ingress Controller, the installation is slightly different. Review the custom plugin docs for the Kong Ingress Controller.
