Getting Started with Zen
Introduction
Zen by Aikido is an embedded Web Application Firewall that autonomously protects your apps against common and critical attacks.
It inspects user input for dangerous strings, the kind that typically enable injection and path traversal attacks, and stops that input before it reaches your app's sensitive operations. Zen automatically blocks critical injection attacks, supports rate limiting for APIs, and monitors outbound traffic.
Zen by Aikido operates autonomously on the same server as your app to secure your app like a classic web application firewall (WAF), but without the infrastructure or cost.
Languages
Currently Supported:
Node.js
Python
PHP
In Beta:
Java
Ruby
Future:
.NET
How to install
We do not send any data back to the cloud to do security checks. The token is used only to report detected attacks so that they show up in the dashboard.
Follow the setup instructions in the Aikido app and check out our docs.
Functionality Support Matrix
Language / Framework | SQLi Protection | NoSQLi Protection | Path Traversal | Shell Injection | SSRF Protection | Rate Limiting by IP | Rate Limiting by User | Block Users |
---|---|---|---|---|---|---|---|---|
Java | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Node.js | ||||||||
Hono | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Hapi | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Next.js | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
Express | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Google Cloud Functions | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
Google Cloud Pub/Sub | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
Lambda | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
Micro | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |
PHP | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Python | ||||||||
Django | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Flask | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Gunicorn | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Quart | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Starlette | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Ruby | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |