WAAP for Open Banking Lab

Solution Overview

Open Banking is a framework that gives third-party payment service providers access to financial data through standardized APIs; it offers incumbent banks the opportunity to partner with fintechs and to give customers visibility and control over their financial data. Exposing these APIs also enables Banking-as-a-Service (BaaS), allowing banks to offer their regulated infrastructure as a platform on which other financial providers build. Even though open banking defines a regulated standard for exposing these APIs, it does not provide standards for meeting most of the security requirements those APIs have.

WAAP (Web Application and API Protection) is the term coined by Gartner to describe the changing Web Application Firewall (WAF) landscape. It expands WAF capabilities into four core features: WAF, DDoS protection, bot management and API protection.

This lab demonstrates the application of WAAP to a demo open banking environment. A payment service user (PSU) initiates a banking transaction from the TPP (third-party provider). The transaction is authenticated via an OAuth flow at the bank's identity provider (IdP). Once the user consents to the payment, the request is forwarded to the NGINX Micro Gateway, which acts as the resource server, validates the token and grants access to the bank's API.
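The token check the micro gateway performs in its resource-server role, written out as an added Python example (this is not the lab's own code; the real gateway does this inside NGINX, and the HS256 shared secret, issuer, audience and scope values below are constructed placeholders). It shows the checks a resource server has to make before forwarding a payment request to the bank's API: pinned algorithm, signature, expiry, issuer, audience and the scope the endpoint requires.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only: a shared HS256 secret and the
# identifiers the resource server expects to find in every access token.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ISSUER = "https://idp.bank.example"      # placeholder IdP issuer
EXPECTED_AUDIENCE = "open-banking-payments-api"   # placeholder API audience
REQUIRED_SCOPE = "payments"                        # scope the payment endpoint needs


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Stand-in for the IdP: issue a compact HS256 JWT over the given claims."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token: str, secret: bytes = DEMO_SECRET, now=None):
    """Resource-server check. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed"
    # Pin the algorithm: never let the token's own "alg" choose the verifier.
    if header.get("alg") != "HS256":
        return False, "alg"
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    try:
        actual = b64url_decode(sig_b64)
    except ValueError:
        return False, "signature"
    # Constant-time comparison: verify before trusting any claim.
    if not hmac.compare_digest(expected, actual):
        return False, "signature"
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired"
    if claims.get("nbf", 0) > now:
        return False, "not-yet-valid"
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "issuer"
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in aud_list:
        return False, "audience"
    # OAuth scope is a space-delimited list; the payment endpoint needs one entry.
    if REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        return False, "scope"
    return True, "ok"


def authorize_payment_request(headers: dict, now=None):
    """Gateway decision for one request: (status, detail) in the style of RFC 6750."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing bearer token"
    ok, reason = validate_token(auth[len("Bearer "):], now=now)
    if ok:
        return 200, "forward to bank payments API"
    if reason == "scope":
        return 403, "insufficient_scope"
    return 401, f"invalid_token: {reason}"


if __name__ == "__main__":
    # Constructed PSU token as the IdP would issue it after consent.
    claims = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "psu-42",
              "scope": "openid payments", "exp": int(time.time()) + 300}
    print(authorize_payment_request({"Authorization": "Bearer " + mint_token(claims)}))
```

The gateway answers 401 for a missing or invalid token and 403 when the token is valid but lacks the payment scope, so a token minted for account-information access cannot be replayed against the payment endpoint.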

Goals & Objectives

This lab is intended to demonstrate an Open Banking demo environment and how to secure open banking transactions using a WAAP solution. Lab users navigate a self-paced lab guide that documents how to initiate the transactions and apply the security protections. Lab users can also launch a sample test script that simulates a bot attack against the IdP server and watch Shape IBD mitigate it.

Hardware & Software

  • 1 x Windows jump host (Win10)
  • 1 x CI/CD and Docker host (NGINX API gateway, Dev Portal) (Ubuntu 18.04)
  • 3 x Kubernetes cluster node VMs (Ubuntu 18.04)
  • 1 x Active Directory server (Win Server 2012 R2)
  • 1 x ELK server (Ubuntu 18.04)
  • 1 x GitLab CE server (Ubuntu 18.04)
  • 1 x BIG-IP (v16.1.0)
  • 1 x TPP banking application (Ubuntu 18.04)
  • 1 x PingFederate server
  • 1 x VyOS router (Ubuntu 18.04)