AWS WAF adds support for Captcha

•Download as PPTX, PDF•

0 likes•55 views

AWS has announced AWS WAF Captcha to help block unwanted bot traffic by requiring users to successfully complete challenges before their web request are allowed to reach AWS WAF protected resources. Captcha is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart and is commonly used to distinguish between robotic and human visitors to prevent activity like web scraping, credential stuffing, and spam. You can configure AWS WAF rules to require WAF Captcha challenges to be solved for specific resources that are frequently targeted by bots such as login, search, and form submissions. You can also require WAF Captcha challenges for suspicious requests based on the rate, attributes, or labels generated from AWS Managed Rules, such as AWS WAF Bot Control or the Amazon IP Reputation list. WAF Captcha challenges are simple for humans while remaining effective against bots. WAF Captcha includes an audio version and is designed to meet WCAG accessibility requirements.

Technology

SPEAKER
Dhaval Soni
A W S A P N A M B A S S A D O R A N D
S O L U T I O N S A R C H I T E C T
• India’s first Red Hat Certified Architect in 2009
• 10x AWS Certified Solutions Architect
• 10x Red Hat Certified Architect
• ISO/IEC 27001 Lead Auditor
• Certified Payment-Card Industry Security Implementer (CPISI)
• EU Registered European Data Protection Professional (GDPR)
• Certified Cyber Security Analyst from GFSU – Department of
Forensic Sciences, Gujarat State

Confidential Information - Infostretch Corporation - For intended recipients only. ©2021 Infostretch. All rights reserved. 3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
Confidential Information - Infostretch Corporation - For intended recipients only. ©2021 Infostretch. All rights reserved. 3
3
AGENDA
• What is AWS WAF?
• Latest announcement
• How will it help you?

WHAT IS AWS WAF?
• AWS WAF is a web application firewall that lets you monitor the HTTP
and HTTPS requests that are forwarded to an Amazon CloudFront
distribution, an Amazon API Gateway REST API, an Application Load
Balancer, or an AWS AppSync GraphQL API.
• AWS WAF also lets you control access to your content.
• Based on conditions that you specify, such as the IP addresses that
requests originate from or the values of query strings, Amazon
CloudFront, Amazon API Gateway, Application Load Balancer, or AWS
AppSync responds to requests either with the requested content or with
an HTTP 403 status code (Forbidden).
AWS WAF

ANNOUNCEMENT
• AWS has announced AWS WAF Captcha to help block unwanted bot
traffic by requiring users to successfully complete challenges before their
web request are allowed to reach AWS WAF protected resources.
• Captcha is an acronym for Completely Automated Public Turing test to
tell Computers and Humans Apart and is commonly used to distinguish
between robotic and human visitors to prevent activity like web scraping,
credential stuffing, and spam.

HOW WILL IT HELP YOU?
• You can configure AWS WAF rules to require WAF Captcha challenges
to be solved for specific resources that are frequently targeted by bots
such as login, search, and form submissions.
• You can also require WAF Captcha challenges for suspicious requests
based on the rate, attributes, or labels generated from AWS Managed
Rules, such as AWS WAF Bot Control or the Amazon IP Reputation list.
• WAF Captcha includes an audio version and is designed to meet
WCAG accessibility requirements.

Similar to AWS WAF adds support for Captcha

AWS IoT is a managed cloud platform that allows connected IoT devices to easily and securely interact with cloud applications and other devices. In this session, we will discuss how constrained devices can leverage the AWS IoT service to send data to the cloud and receive commands back to the device using the protocol of their choice. We will discuss how devices can connect securely using MQTT and HTTP protocols, and how developers and businesses can leverage the AWS IoT Rules Engine, Thing Shadows, and accelerate prototype development using AWS IoT Device SDKs. Finally, we will cover new features released since the launch of AWS IoT including integration with Amazon Machine Learning and Amazon ElasticSearch Service.

Getting Started with AWS IoT

Amazon Web Services

In this workshop, we help you understand how you can help protect your web applications from threats cost effectively by using AWS WAF and Amazon CloudFront. As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated and automated, having an effective web request filtering solution becomes key to keeping your users' data safe. We will cover common attack vectors and what you can do to mitigate them. You will learn how to leverage AWS WAF in conjunction with Amazon CloudFront to detect unwanted traffic and block it using simple configurations and automations. Prerequisites: Participants should have an AWS account established and available for use during the workshop. Please bring your own laptop.

AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...

Amazon Web Services

AWS Summit Barcelona 2015 - Introducing Amazon API Gateway

Vadim Zendejas

This module will cover cloud computing concepts and AWS global Infrastructure. • Recognize terminology and concepts as they relate to the AWS platform and navigate the AWS Management Console. • Understand the foundational services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon Elastic Block Store (EBS). • Understand the security measures AWS provides and key concepts of AWS Identity and Access Management (IAM). • Understand AWS database services, including Amazon DynamoDB and Amazon Relational Database Service (RDS). • Understand AWS management tools, including Auto Scaling, Amazon CloudWatch, Elastic Load Balancing (ELB), and AWS Trusted Advisor. Presenters today: • John Balsillie Senior Technical Trainer, AWS APAC • Karthik Chandy Senior Technical Trainer, AWS APAC

Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC

Amazon Web Services

Raleigh DevDay 2017: Distributed serverless stack tracing and monitoring

Amazon Web Services

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs Businesses today are rapidly moving from being service enabled to being API enabled. Moving into the world of APIs brings together its own set of complexities and challenges that are tough to tackle. API security, performance, scalability, monitoring and notifications are key areas to be focusing your engineering efforts on. The WSO2 Carbon platform is a complete open source enterprise middleware platform which includes products catering to your various different enterprise needs. This talk will focus on leveraging the extensive feature set and extensible nature of the WSO2 platform to secure, monitor and monetize your APIs. It will also touch upon some of WSO2’s experiences with customers in building API ecosystems that suit modern day enterprises. Presenter: Nuwan Dias Technical Lead, WSO2

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

WSO2

AWSome Day Galway Intro

Amazon Web Services

Join AWS in examining governance and compliance designs aimed at helping organizations meet HIPAA and HITRUST standards. Learn how to better validate and document your compliance, expedite access to AWS compliance accelerators, and discover new ways to use AWS native features to monitor and control your accounts. This session is for a technical audience seeking to dive deep into the AWS service offerings, console, and API.

WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdf

Amazon Web Services

AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...

Amazon Web Services

Retail Insights, LLC lacked sufficient visibility into their AWS environment and were relying on third party developers to build their web applications. To gain a better understanding of their security posture, they sought out a security solution that would provide total visibility into their apps and environment. Additionally, a new business opportunity arose that required Retail Insights to demonstrate how they would meet HIPAA compliance for PII data. Alert Logic helped Retail Insights by not only helping them gain visibility into their AWS environment, but providing a comprehensive security solution that protected several layers of the application stack with a team of security experts actively monitoring and protecting them from threats

How Retail Insights, LLC Used Alert Logic to Meet Compliance Mandates and Enh...

Amazon Web Services

Networking plays an important role in your design decisions for building a serverless application and you have many options to consider. What are the the benefits and drawbacks of connecting a Lambda function to a VPC? How should you configure your subnets, route tables, and other networking aspects to best support your application’s needs? In this session we'll cover best practices for security, high availability, and cost. We'll also review service endpoints, cross account access, and provide insight on how to minimize the configuration overhead of a large virtual private network.

Networking Best Practices for Your Serverless Applications

Chris Munns

The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.

Getting Started on AWS

Amazon Web Services

In this session, we will take a deeper look at the security services and features available on AWS. We will look at how Identity and Access Management (IAM) works by covering IAM users, policies, roles, groups. We will also look at AWS Security groups and how they are applied to the different infrastructure components, e.g. Amazon EC2 instances, Load Balancers, Databases (via Amazon RDS). Lastly, we will take a quick look at Amazon Certificate Manager for SSL certificates and mention additional services like Amazon Detective, GuardDuty, Macie, WAF.

AWS SSA Webinar 11 - Getting started on AWS: Security

Cobus Bernard

AWS物聯網基礎架構及連線概覽

Amazon Web Services

With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and explain features for account structuring, user configuration, provisioning, networking and operation automation. The Migration Landing Zone solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and AWS Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Speaker: Koen Biggelaar, Senior Manager, Solutions Architecture, Amazon Web Services and Mahmoud ElZayet

Simplify & Standardise Your Migration to AWS with a Migration Landing Zone

Amazon Web Services

AWS Webcast - Splunk and Autodesk

Amazon Web Services

Simplify & Standardise your migration to AWS with a Migration Landing Zone

Amazon Web Services

Fox pong mvp architectual overview

daviddaedalus

Come learn how Elastic Beanstalk can help you go from code to running application in a matter of minutes, without the need to provision or manage any of the underlying Amazon Web Services (AWS) resources. Hear how Qualcomm is able to migrate application to AWS faster than before through Forge, an internally built application platform that leverages Elastic Beanstalk to simplify the development and deployment of applications to AWS with security and organizational best practices out of the box.

PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This webinar will introduce the lifecycle of an IoT thing and the mechanisms used by AWS IoT to manage things. These mechanisms can be used to securely build and provision things, manage deployment, manage thing health, and integrate with other AWS services. And when the life of the thing has come to an end, we will show you how to retire the thing, keeping your solution secure. Learning Objectives: • Common IoT Thing Management Issues • AWS IoT Security and Access Control Mechanisms Who Should Attend: • Technical Decision Makers, Developers, Makers

The Lifecycle of an AWS IoT Thing

Amazon Web Services

Similar to AWS WAF adds support for Captcha (20)

Getting Started with AWS IoT

AWS re:Invent 2016: Workshop: Secure Your Web Application with AWS WAF and Am...

AWS Summit Barcelona 2015 - Introducing Amazon API Gateway

Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC

Raleigh DevDay 2017: Distributed serverless stack tracing and monitoring

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

AWSome Day Galway Intro

WPS301-Navigating HIPAA and HITRUST_QuickStart Guide to Account Gov Strat.pdf

AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...

How Retail Insights, LLC Used Alert Logic to Meet Compliance Mandates and Enh...

Networking Best Practices for Your Serverless Applications

Getting Started on AWS

AWS SSA Webinar 11 - Getting started on AWS: Security

AWS物聯網基礎架構及連線概覽

Simplify & Standardise Your Migration to AWS with a Migration Landing Zone

AWS Webcast - Splunk and Autodesk

Simplify & Standardise your migration to AWS with a Migration Landing Zone

Fox pong mvp architectual overview

PaaS – From Code to Running Application using AWS Elastic Beanstalk (DEV323) ...

The Lifecycle of an AWS IoT Thing

More from Dhaval Soni

Introducing AWS Amplify Studio

Dhaval Soni

Since the Application layer is the closest layer to the user, how important do you think it is to secure it? Let me tell you, it is extremely essential. It provides the hackers and intruders with the largest threat surface and makes your web application vulnerable to attacks. In this presentation, we will discuss how AWS Shield Advanced has leveled up its game to strengthen the 7th layer security.

AWS Shield Advanced introduces automatic application-layer DDoS mitigation

Dhaval Soni

Cloud Development is a process that demands patience, precision, and undefeatable security compliance. How often do you feel stagnant simply because the cloud development code that you are dealing with is not reusable enough? You might often need the guidance of professionals and communities as well. Wouldn't it be great if you were a part of a community where the leading experts contribute reusable building blocks to simplify cloud development for you? If you find this statement agreeable then I am about to reveal something extremely useful to you.

AWS announces Construct Hub general availability

Dhaval Soni

Starting today, Amazon Virtual Private Cloud (VPC) allows you to create IPv6-only subnets in your dual-stack VPCs and launch EC2 instances built on Nitro System in these subnets. The launch of IPv6-only subnets allows customers to scale their deployments on AWS by not requiring any IPv4 addressing in the subnet. With a /64 IPv6 CIDR assignment to the subnet, it accommodates approximately 18 quintillion IP addresses for applications.

Amazon Virtual Private Cloud (VPC) customers can now create IPv6-only subnets...

Dhaval Soni

Application Load Balancer and Network Load Balancer end-to-end IPv6 support

Dhaval Soni

Amazon SQS Announces Server-Side Encryption with Amazon SQS-managed encryptio...

Dhaval Soni

Now on EC2 Image Builder, customers can share their Amazon Machine Images (AMIs) with AWS Organizations and Organizational Units (OUs) in the image distribution phase of their build process. As their organization structure changes, customers no longer have to manually update AMI permissions for individual AWS accounts in their organization. Customers can create OUs within AWS Organizations and manage AMI permissions for AWS accounts within those OUs.

EC2 Image Builder enables sharing Amazon Machine Images (AMIs) with AWS Organ...

Dhaval Soni

Amazon DynamoDB now helps you meet regulatory compliance and business continuity requirements through enhanced backup features, including copying on-demand backups cross-account and cross-Region, cost allocation tagging for backups, and transitioning backups to cold storage. In addition, backups managed through AWS Backup are now stored in the AWS Backup vault, which allows you to encrypt and secure your backups by using AWS Key Management Service (KMS) key that is independent from your DynamoDB table encryption key.

Amazon DynamoDB now helps you meet regulatory compliance and business continu...

Dhaval Soni

AWS Database Migration Service now supports Azure SQL Managed Instance as a s...

Dhaval Soni

With Amazon EC2 Auto Scaling’s new predictive scaling policy, you can now use custom metrics to predict the EC2 instance capacity needed by an Auto Scaling group. Predictive scaling proactively increases the capacity of an Auto Scaling group to meet predicted demand. For workloads that experience recurring, steep demand changes, predictive scaling can help improve your application’s responsiveness without having to overprovision capacity, resulting in lower EC2 costs. Custom metrics are useful when the predefined metrics (CPU Utilization, Network I/O, and ALB Request Count) are not sufficient to capture the load on your application. Previously, you could only use custom metrics with step scaling and target tracking, but you can now use them with predictive scaling as well.

Amazon EC2 Auto Scaling Now Supports Predictive Scaling with Custom Metrics

Dhaval Soni

Amazon s3 storage lens metrics now available in amazon cloud watch

Dhaval Soni

You can now use Amazon S3 Event Notifications with Amazon EventBridge to build, scale, and deploy event-driven applications based on changes to the data you store in S3. This makes it easier to act on new data in S3, build multiple applications that react to object changes simultaneously, and replay past events, all without creating additional copies of objects or developing new software. With increased flexibility to process events and send them to multiple targets, you can now create new serverless applications with advanced analytics and machine learning at scale more confidently without writing single-use custom code.

Amazon s3 event notifications with amazon event bridge help you build advance...

Dhaval Soni

Introducing the aws migration and modernization competency

Dhaval Soni

You can now build event-driven applications using Amazon S3 Event Notifications that trigger when objects are transitioned or expired (deleted) with S3 Lifecycle, or moved within the S3 Intelligent-Tiering storage class to its Archive Access or Deep Archive Access tiers. You can also trigger S3 Event Notifications for any changes to object tags or access control lists (ACLs). You can generate these new notifications for your entire bucket, or for a subset of your objects using prefixes or suffixes, and choose to deliver them to Amazon EventBridge, Amazon SNS, Amazon SQS, or an AWS Lambda function.

Amazon s3 adds new s3 event notifications for s3 lifecycle, s3 intelligent ti...

Dhaval Soni

Amazon FSx for Lustre can now automatically update file system contents as da...

Dhaval Soni

The Amazon Simple Storage Service (S3) console now reports security warnings, errors, and suggestions from Identity and Access Management (IAM) Access Analyzer as you author your S3 policies. The console automatically runs more than 100 policy checks to validate your policies. These checks save you time, guide you to resolve errors, and help you apply security best practices. By resolving errors and security warnings reported by the S3 console, you can validate that your policies are functional before you attach them to your S3 buckets or access points.

Amazon S3 console now reports security warnings, errors, and suggestions from...

Dhaval Soni

Amazon FSx for Lustre now supports automatically exporting file updates to Am...

Dhaval Soni

The next generation of Amazon FSx for Lustre file systems, built on AWS Graviton processors, provide three improvements to performance and price. First, the new file systems provide up to 5x higher throughput per terabyte (up to 1 GB/s per terabyte) compared to previous generation file systems. Second, with support for client instances with multiple network interfaces, you can now drive up to 400 Gbps of network bandwidth on Amazon EC2 instances such as P4d and DL1. Third, the next generation of FSx for Lustre file systems reduce your cost of throughput by up to 60% compared to previous generation file systems.

Announcing the next generation of amazon f sx for lustre file systems

Dhaval Soni

Amazon Pinpoint launches in-app messaging as a new communications channel

Dhaval Soni

Amazon FSx for Lustre now supports linking multiple Amazon S3 buckets to a fi...

Dhaval Soni

More from Dhaval Soni (20)