25-17 AWS WAF

Last updated Aug 17, 2023 Edit Source

AWS Web Application Firewall (WAF) protect your web applications from common web exploits

• Write your own rules to ALLOW or DENY traffic based on the contents of HTTP requests
• Use a ruleset from a trusted AWS Security Partner in the AWS WAF Rules Marketplace
• WAF can be attached to either CloudFront or an Application Load Balancer

Protect web applications from attacks covered in the OWASP Top 10 most dangerous attacks:

1. Injection
2. Broken Authentication
3. Sensitive data exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring