© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Nate Dye, AWS Edge Services
October 2015
SEC323
Securing Web Applications with
AWS WAF
What to expect from this session
• Deep dive: AWS WAF
• Web defense strategies
• Automation for better security
AWS WAF 301
Why AWS WAF?
The slides show three problems a web application faces from bad guys who arrive alongside good users at the web server and database:
• Application vulnerabilities: exploit code sent to the web server reaches the application and its database.
• Abuse.
• Application DDoS.

What is AWS WAF?
AWS WAF sits in front of the web server, in the request path shared by good users and bad guys, and evaluates rules before traffic reaches the application. The example web ACL in the slides is:
AWS WAF rules:
1: BLOCK requests from bad guys.
2: ALLOW requests from good guys.
Traditional WAF
• Setup is complex and slow
• Rules with too many false positives
• No APIs for automation

AWS WAF
• Block or allow web requests
• Monitor security events
• New API and console
• Protect websites and content served through Amazon CloudFront
Benefits of AWS WAF
• Practical security made easy
• Customizable and flexible
• Integrate with development
Deep dive: AWS WAF
Setting Up AWS WAF
1. Create a web ACL: ALLOW requests by default, but…
2. Add a rule: BLOCK if…
3. Add match conditions: …the source IP matches this list…
4. Assign to CloudFront: …for any request to d123.cloudfront.net.
Setting Up AWS WAF
<First Run Demo>
But wait, there’s more
Match conditions
• IP
• String
• SQLi
Customizable rules
• AND/OR
• Block, allow, or count
• Ordered conditions
Fast feedback
• ~1 minute for changes
• 1-minute metrics
• Request samples
Match conditions: IPSets
CIDR notation on octet boundaries:
• 192.0.0.0/8 – Matches 192.*.*.*
• 192.168.0.0/16
• 192.168.32.0/24
• 192.168.32.64/32 – Matches a full IP address exactly
Match conditions: IPSets
• 1,000 CIDRs per IPSet
• 10,000 CIDRs per web ACL
• Matches the connecting IP (the address CloudFront sees), not X-Forwarded-For: clients behind a shared forward proxy all match as the proxy's address
Match conditions: Strings and bytes
• Match any part of the web request
• Common use case: Referer whitelisting

Example: match any part of the web request. CloudFront hands the RAW request headers to AWS WAF:

Host: www.example.com
User-Agent: Mozilla/5.0 (Macintosh; …
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.example.com/
Connection: keep-alive

Rule (string match condition) for good users:
Check: Header "Referer"
Match Type: Contains
Match: "example.com"
Action: ALLOW

Note the header name: browsers send "Referer" (the misspelling is part of the HTTP specification), so a condition on a header called "Referrer" never matches anything. The value is client-supplied, so a Referer whitelist deters hot-linking and casual scraping but is not authentication; "Contains example.com" also matches http://example.com.attacker.test/, so prefer a tighter constraint such as Begins with "http://www.example.com/".
Match conditions: Strings and bytes
Use transforms to stop evasion

A scraper bot announces itself in the RAW request headers CloudFront passes to AWS WAF:

Host: www.example.com
User-Agent: badbot
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.example.com/
Connection: keep-alive

Rule (string match condition) for the scraper bot:
Check: Header "User-Agent"
Match Type: Contains
Match: "badbot"
Action: BLOCK

The same bot evades that case-sensitive match by changing the case of its headers:

User-Agent: bAdBoT
Referer: http://www.InTeRnEtkItTiEs.com/

Add a transform so the header is normalized before the comparison:
Check: Header "User-Agent"
Transform: To lower
Match Type: Contains
Match: "badbot"
Action: BLOCK
Match conditions: Strings and bytes
Flexible match conditions
1. Contains
2. Exact
3. Begins with
4. Ends with
5. Contains word
Match conditions: Strings and bytes
Malicious binary? We can find it.
1. Select the binary file (bad.bin, whose first twelve bytes are 8950 4e47 0d0a 1a0a 0000 000d).
2. Base64 encode it:
$> base64 bad.bin
iVBORw0KGgoAAAAN
3. Set the match criteria to "iVBORw0KGgoAAAAN".
Caveat: those twelve bytes are the PNG file signature followed by the IHDR chunk length, so every valid PNG begins with exactly this sequence and a condition on them matches all PNG uploads, not only bad.bin. Match on bytes that are unique to the artifact you want to stop.
Match conditions: Strings and bytes
• 10 matches per string match set
• 1,000 matches in a web ACL
Match conditions: SQLi
Check your query strings, URL decode.
Raw:       /login?x=test%27%20UNION%20ALL%20select%20NULL%20--
Transform: URL Decode
Decoded:   /login?x=test' UNION ALL select NULL --
Match:     SQL Injection → True
Without the transform the condition is evaluated against the percent-encoded text.
Customizable rules
Combining conditions
Restrict a rule to specific URIs, such as the login page. The example ANDs an IP match (the Seattle admins' address range) with a string match on the URI (/admin/login.cgi), so the rule applies only to that path; the rest of the site (/*) is evaluated by the other rules and the default action for everyone on the public Internet.
Adding whitelist exceptions
You can whitelist with ALLOW actions on a rule. Rules are evaluated in order and the first ALLOW or BLOCK that matches is final, so an ALLOW rule placed above a BLOCK rule exempts the requests it matches.
Reuse conditions
You can reuse any part of a web ACL. In the example, Web ACL #1 and Web ACL #2, each assigned to its own CloudFront distribution, share one blacklist condition, so the list is maintained once.
Fast feedback
Observing rules in action
Finding requests that
match your rules
Setting up detection alarms
<Example Demo>
Building blocks for web security: APIs, SDKs, and CLIs!
SDKs: Java, Python (boto), PHP, .NET, Ruby, Node.js, JavaScript, iOS, Android
Tools: AWS Toolkit for Visual Studio, AWS Toolkit for Eclipse, AWS Tools for Windows PowerShell, AWS CLI
GetChangeToken

$ aws --endpoint-url https://waf.amazonaws.com/ waf get-change-token
{
    "ChangeToken": "d4c4f53b-9c7e-47ce-9140-0ee5765d6bff"
}

Create*

$ aws --endpoint-url https://waf.amazonaws.com/ waf create-web-acl \
    --name BetaTest \
    --metric-name BetaTest \
    --default-action Type=ALLOW \
    --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff

A change token is consumed by the create, update or delete call it is passed to; request a new one with get-change-token before each further change, and poll the token's status to know when the change has propagated.

GetChangeTokenStatus

$ aws --endpoint-url https://waf.amazonaws.com/ waf get-change-token-status \
    --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff
{
    "ChangeTokenStatus": "PENDING"
}

ChangeTokenStatus is one of PROVISIONED (token issued, not yet used), PENDING (change accepted and propagating) or INSYNC (propagated everywhere).

Update*Set

$ aws --endpoint-url https://waf.amazonaws.com/ waf update-ip-set \
    --ip-set-id <ip-set-id> \
    --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff \
    --updates '[
        {"Action": "INSERT", "IPSetDescriptor": {"Type": "IPV4", "Value": "192.168.0.0/16"}},
        {"Action": "INSERT", "IPSetDescriptor": {"Type": "IPV4", "Value": "192.168.5.0/24"}}
    ]'

GetSampledRequests (response excerpt)

{
    "SampledRequests": [
        {
            "Action": "BLOCK",
            "Timestamp": 1441839596.476,
            "Request": {
                "ClientIP": "54.240.197.225",
                "Country": "IE",
                "URI": "/",
                "Method": "GET",
                "HTTPVersion": "HTTP/1.0",
                "Headers": [
                    {
                        "Name": "Host",
                        "Value": "d123abc.cloudfront.net"
                    },
                    {
                        "Name": "User-Agent",
                        "Value": "curl/7.30.0"
                    }
                ]
            }
        }
    ]
}
Pay for what you use
• No upfront minimums; use it for just an hour, or always on
• $5 per web ACL per month, $1 per rule per month
• Reuse across CloudFront distributions with no additional charge
• Use more rules for more visibility
• $0.60 per million requests
• Low monthly minimum, scales with volume
Typical monthly bill:
• Test environment (1 rule): $6 per month
• Small site (6 rules, 58M views): $46 per month
• Medium site (6 rules, 260M views): $167 per month
Web defense strategies
Rule strategy comparison
Negative (typical of a production deployment)
• ALLOW by default
• BLOCK known-bad threats
• Examples: BLOCK MalwareIncIPRange; BLOCK "{;}"
Positive (typical of a restricted site)
• BLOCK by default
• ALLOW known-good
• Examples: ALLOW SeattleOfficeIPRange; ALLOW Referer header containing "example.com"
Mitigation strategies
• Static policies: for unchanging known-bad threats
• Reactive policies: for dynamic emerging threats
Use count rules to find bad actors:
1. Deploy the rule in Count mode.
2. Alert on the rule's Amazon CloudWatch metrics.
3. Get sampled requests for the rule.
4. Add the bad IPs to the BlackList.
Putting it all together
Rule Order:
1. WhiteListed IPs – ALLOW
2. BlackListed IPs – BLOCK
3. BlackListedSignatures – BLOCK
4. SQLInjection – COUNT
5. SuspiciousActivity - COUNT
Default: ALLOW
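The rule order above can be exercised offline with the model that follows. It is an added example written for this page, not AWS code and not anything from the talk: it reproduces only the semantics the slides describe (ordered rules, first ALLOW or BLOCK decides, COUNT records and continues, conditions in a rule ANDed, one transform before comparison). The CIDRs (RFC 5737 documentation ranges), the User-Agent strings, the honeypot path and the SQLInjection rule are assumptions; in particular that rule is a plain string match on the URL-decoded query string, scoped to /login by ANDing a URI condition, standing in for AWS WAF's dedicated SQL injection condition.

```python
"""Local model of how an AWS WAF (classic) web ACL evaluates a request.
Added example, not AWS code: rules run in order, the first ALLOW or BLOCK
match decides, COUNT records a match and keeps going, the conditions in a
rule are ANDed, and one transform runs before comparison. Every address,
header and target string here is constructed sample data."""
import ipaddress
import re
import urllib.parse
from dataclasses import dataclass, field

@dataclass
class Request:
    client_ip: str                      # connecting IP, not X-Forwarded-For
    uri: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    def part(self, kind, name=None):
        if kind == "HEADER":            # header names are case-insensitive
            return next((v for k, v in self.headers.items() if k.lower() == name.lower()), "")
        return {"URI": self.uri, "QUERY_STRING": self.query}[kind]

def transform(text, how):
    """Apply a single text transformation once, before matching."""
    return {"NONE": text, "LOWERCASE": text.lower(),
            "URL_DECODE": urllib.parse.unquote_plus(text)}[how]

@dataclass
class IPSet:
    cidrs: list
    def matches(self, req):
        ip = ipaddress.ip_address(req.client_ip)
        return any(ip in ipaddress.ip_network(c) for c in self.cidrs)

@dataclass
class ByteMatch:
    kind: str                           # URI, QUERY_STRING or HEADER
    target: str
    constraint: str = "CONTAINS"        # or EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS_WORD
    how: str = "NONE"                   # transform applied to the field first
    header: str = None                  # header name when kind == "HEADER"
    def matches(self, req):
        text, t = transform(req.part(self.kind, self.header), self.how), self.target
        if self.constraint == "CONTAINS_WORD":   # target bounded by non-word characters
            return re.search(r"(?<![A-Za-z0-9_])" + re.escape(t) + r"(?![A-Za-z0-9_])", text) is not None
        return {"CONTAINS": t in text, "EXACTLY": text == t,
                "STARTS_WITH": text.startswith(t), "ENDS_WITH": text.endswith(t)}[self.constraint]

@dataclass
class Rule:
    name: str
    action: str                         # ALLOW, BLOCK or COUNT
    conditions: list                    # all must match (AND)

@dataclass
class WebACL:
    rules: list
    default_action: str = "ALLOW"
    def evaluate(self, req):
        """Return (final action, names of COUNT rules that matched)."""
        counted = []
        for rule in self.rules:
            if all(c.matches(req) for c in rule.conditions):
                if rule.action == "COUNT":
                    counted.append(rule.name)   # observe and keep evaluating
                    continue
                return rule.action, counted     # first ALLOW or BLOCK wins
        return self.default_action, counted

# Rule order from the "Putting it all together" slide. CIDRs are RFC 5737
# documentation ranges standing in for a real office range and blacklist.
ACL = WebACL(default_action="ALLOW", rules=[
    Rule("WhiteListedIPs", "ALLOW", [IPSet(["203.0.113.0/24"])]),
    Rule("BlackListedIPs", "BLOCK", [IPSet(["198.51.100.0/24"])]),
    Rule("BlackListedSignatures", "BLOCK",
         [ByteMatch("HEADER", "badbot", "CONTAINS", "LOWERCASE", header="User-Agent")]),
    # Crude stand-in for the built-in SQL injection condition, scoped to the
    # login page by ANDing a URI condition with a URL-decoded query-string match.
    Rule("SQLInjection", "COUNT",
         [ByteMatch("URI", "/login", "STARTS_WITH"),
          ByteMatch("QUERY_STRING", "UNION ALL", "CONTAINS", "URL_DECODE")]),
    Rule("SuspiciousActivity", "COUNT", [ByteMatch("URI", "/honeypot", "STARTS_WITH")]),
])

def demo():
    """Evaluate constructed requests; returns {case: (action, counted rules)}."""
    cases = {
        "office_ip_with_badbot_ua": Request("203.0.113.5", "/", headers={"User-Agent": "badbot/1.0"}),
        "blacklisted_ip": Request("198.51.100.7", "/"),
        "mixed_case_badbot": Request("192.0.2.9", "/", headers={"user-agent": "Mozilla bAdBoT"}),
        "encoded_sqli_on_login": Request("192.0.2.9", "/login",
                                         query="x=test%27%20UNION%20ALL%20select%20NULL%20--"),
        "encoded_sqli_elsewhere": Request("192.0.2.9", "/search", query="q=%27%20UNION%20ALL"),
        "honeypot_crawler": Request("192.0.2.9", "/honeypot/secret.html"),
    }
    return {name: ACL.evaluate(req) for name, req in cases.items()}

if __name__ == "__main__":
    for name, (action, counted) in demo().items():
        print(f"{name:<26} {action:<6} counted={counted}")
```

Two outcomes of the run make the slides' ordering rules concrete: the office address with a bad User-Agent is allowed because WhiteListedIPs sits above BlackListedSignatures, and the encoded UNION payload is counted only on /login because both conditions of the SQLInjection rule must match, while the COUNT rules never terminate evaluation, so both of those requests still fall through to the default ALLOW.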
Customer example: Finding bad requestors
ConnectWise:
1. Uses a negative security model
2. Monitors known-bad activity
3. Reactively bans bad requests
ConnectWise API architecture: users' API calls enter the environment through CloudFront and Elastic Load Balancing and are served by Auto Scaling groups of Amazon EC2 instances. With AWS WAF, the web ACL is attached to the CloudFront distribution at the front of that path, so the rules below run before a request reaches the load balancer.
Example of an old API call: the API version is part of the request URI (for example, /v2015_3/).
Create a rule to block old versions
Rule (string match condition):
Check: URI
Match Type: Contains
Match: "/v2015_3/"
Action: Block
The LOWERCASE text transformation in the byte match set below makes the comparison case-insensitive.
byteset.json
{
"ByteMatchSetId": "e13d4ed4-2b47-4313-8173-d0370e58ac20",
"ChangeToken": "fab95c78-c969-4845-876f-6f2bc8283ea3",
"Updates": [
{
"Action": "INSERT",
"ByteMatchTuple": {
"FieldToMatch": {
"Type": "URI"
},
"PositionalConstraint": "CONTAINS",
"TargetString": "/v2015_3/",
"TextTransformation": "LOWERCASE"
}
}
]
}
Old requests are blocked: the client receives Access Denied.
Example of an invalid user request: the Cookie header carries the value that identifies the invalid user.
Create a rule to block invalid users
cookie-byte-match-set.json
{
"Updates": [
{
"ByteMatchTuple": {
"TextTransformation": "LOWERCASE",
"TargetString": "companyname=cwqaman_p",
"PositionalConstraint": "CONTAINS",
"FieldToMatch": {
"Type": "HEADER",
"Data": "Cookie"
}
},
"Action": "INSERT"
}
],
"ChangeToken": "988120ac-9040-4a26-bbe0-3282bc5410ce",
"ByteMatchSetId": "2fdd991d-9b44-4d41-9231-7aa92dfe5ffe"
}
Rule (string match condition):
Check: Header "Cookie"
Match Type: Contains
Match: "companyname=cwqaman_p"
Action: Block
Invalid users are blocked.
Results
• Fewer machines needed
• Currently saving 20% during peak hours
Automation for better security
Automatic behavioral analysis
AWS WAF automated blacklists: good users and bad guys reach the server through AWS WAF; the server's logs feed a threat analysis step, and a rule updater pushes the resulting blacklist back into AWS WAF, closing the loop without an operator.
Bad Bot Demo
Step 1: Robots.txt – “Don’t index /honeypot”
Step 2: Create a rule: Count /honeypot
Step 3: Ban Bad Bots
See it in action:
STG205 - Secure Content Delivery Using Amazon CloudFront
OR
AWS New Services Booth
Automatic behavioral analysis
Amazon is not the only one…
Repsheet open-source behavioral analysis
• http://www.slideshare.net/abedra/knock-knock-24105973
• https://github.com/repsheet/repsheet
Automatic reactive mitigations
AWS WAF partners
Automatic behavioral analysis
Alert Logic proof of concept: traffic from good users and bad guys passes through AWS WAF to the server; Alert Logic's analysis of that traffic updates the AWS WAF blacklist.
Automatic incident reports
The flow chains CloudWatch Alarm → SNS Topic → AWS Lambda → AWS WAF → SNS Topic → Operator:
1. Alarm on the count metric.
2. Send an Amazon SNS notification.
3. The SNS topic invokes an AWS Lambda function.
4. Get sampled requests from AWS WAF.
5. Format the sampled requests.
6. Send an email notification to the operator through a second SNS topic.
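The incident-report flow, the count-rule loop (count, alarm, sample, blacklist) and the honeypot demo all reduce to the same few functions. What follows is an added example for this page, not the talk's demo code, an AWS sample or Alert Logic's implementation. The pure functions work on a response shaped like the GetSampledRequests output shown earlier, on a constructed sample embedded below, so they run offline; lambda_handler is the only part that calls AWS (through boto3), and its environment variable names, the 15-minute window, the MIN_HITS threshold and the use of a COUNT rule on /honeypot as the trigger are assumptions.

```python
"""Count-rule feedback loop: sampled requests -> blacklist update -> report.
Added example, not code from the talk, from AWS or from Alert Logic. The pure
functions take a GetSampledRequests-shaped response and run offline on the
constructed SAMPLE; only lambda_handler calls AWS, and its env vars, the
15-minute window and the honeypot COUNT rule as trigger are assumptions."""
import ipaddress
import os
from collections import Counter

# Constructed sample shaped like the GetSampledRequests output shown earlier.
SAMPLE = {"SampledRequests": [
    {"Action": "COUNT", "Timestamp": 1441839596.476, "Request": {
        "ClientIP": "198.51.100.23", "Country": "IE", "URI": "/honeypot/",
        "Method": "GET", "HTTPVersion": "HTTP/1.0",
        "Headers": [{"Name": "User-Agent", "Value": "curl/7.30.0"}]}},
    {"Action": "COUNT", "Timestamp": 1441839597.001, "Request": {
        "ClientIP": "198.51.100.23", "Country": "IE", "URI": "/honeypot/admin",
        "Method": "GET", "HTTPVersion": "HTTP/1.1",
        "Headers": [{"Name": "User-Agent", "Value": "curl/7.30.0"}]}},
    {"Action": "COUNT", "Timestamp": 1441839598.250, "Request": {
        "ClientIP": "203.0.113.8", "Country": "US", "URI": "/honeypot/",
        "Method": "GET", "HTTPVersion": "HTTP/1.1",
        "Headers": [{"Name": "User-Agent", "Value": "Mozilla/5.0"}]}},
]}

def header(req, name):
    """Header value from a sampled request (header names are case-insensitive)."""
    return next((h["Value"] for h in req.get("Headers", [])
                 if h["Name"].lower() == name.lower()), "")

def hits_by_ip(response, uri_prefix="/honeypot"):
    """Count sampled requests per client IP whose URI starts with uri_prefix."""
    hits = Counter()
    for s in response["SampledRequests"]:
        if s["Request"]["URI"].startswith(uri_prefix):
            hits[s["Request"]["ClientIP"]] += 1
    return hits

def ip_set_updates(ips, listed_cidrs=()):
    """Build the Updates list for UpdateIPSet: one host CIDR per address not
    already covered by an entry of the IPSet."""
    nets = [ipaddress.ip_network(c) for c in listed_cidrs]
    updates = []
    for ip in sorted(set(ips)):
        addr = ipaddress.ip_address(ip)
        if any(addr in n for n in nets):
            continue
        v4 = addr.version == 4
        updates.append({"Action": "INSERT", "IPSetDescriptor": {
            "Type": "IPV4" if v4 else "IPV6", "Value": f"{addr}/{32 if v4 else 128}"}})
    return updates

def format_report(response, uri_prefix="/honeypot"):
    """Plain-text incident summary for the operator email."""
    lines = [f"Sampled requests hitting {uri_prefix}, by client IP:"]
    for ip, n in hits_by_ip(response, uri_prefix).most_common():
        ex = next(s["Request"] for s in response["SampledRequests"]
                  if s["Request"]["ClientIP"] == ip)
        lines.append(f"  {ip:<16} hits={n} country={ex['Country']} "
                     f"ua={header(ex, 'User-Agent')!r}")
    return "\n".join(lines)

def lambda_handler(event, context):
    """Entry point for the SNS-triggered Lambda in the incident-report flow.
    Assumes boto3 in the runtime and env vars WEB_ACL_ID, HONEYPOT_RULE_ID,
    BLACKLIST_IP_SET_ID, OPERATOR_TOPIC_ARN and optional MIN_HITS."""
    import datetime as dt
    import boto3
    waf, sns = boto3.client("waf"), boto3.client("sns")
    end = dt.datetime.now(dt.timezone.utc)
    resp = waf.get_sampled_requests(
        WebAclId=os.environ["WEB_ACL_ID"], RuleId=os.environ["HONEYPOT_RULE_ID"],
        TimeWindow={"StartTime": end - dt.timedelta(minutes=15), "EndTime": end},
        MaxItems=500)
    threshold = int(os.environ.get("MIN_HITS", "1"))
    bad = [ip for ip, n in hits_by_ip(resp).items() if n >= threshold]
    ip_set_id = os.environ["BLACKLIST_IP_SET_ID"]
    listed = [d["Value"] for d in
              waf.get_ip_set(IPSetId=ip_set_id)["IPSet"]["IPSetDescriptors"]]
    updates = ip_set_updates(bad, listed)
    if updates:   # each mutating call needs its own fresh change token
        waf.update_ip_set(IPSetId=ip_set_id, Updates=updates,
                          ChangeToken=waf.get_change_token()["ChangeToken"])
    sns.publish(TopicArn=os.environ["OPERATOR_TOPIC_ARN"],
                Subject="AWS WAF: honeypot hits",
                Message=format_report(resp) + f"\n\n{len(updates)} address(es) added to blacklist")
    return {"blacklisted": len(updates)}

if __name__ == "__main__":
    print(format_report(SAMPLE))
    print(ip_set_updates(hits_by_ip(SAMPLE), ["203.0.113.0/24"]))
```

Sampled requests are a sample, not a full log, so the hit counts are lower bounds; the MIN_HITS threshold is there to keep a single stray crawl of the honeypot path from earning a permanent blacklist entry, and the containment check in ip_set_updates avoids spending one of the IPSet's 1,000 CIDR slots on an address a range already covers.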
Remember to complete
your evaluations!
Thank you!
Get started with AWS WAF:
https://console.aws.amazon.com/waf

Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 

Recently uploaded (20)

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 

(SEC323) New: Securing Web Applications with AWS WAF

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Nate Dye, AWS Edge Services October 2015 SEC323 Securing Web Applications with AWS WAF
  • 2. What to expect from this session Deep dive AWS WAF Web defense strategies Automation for better security AWS WAF 301
  • 3. What to expect from this session Web defense strategies Automation for better security Deep dive AWS WAF AWS WAF 301
  • 4. Why AWS WAF? Application vulnerabilities Good users Bad guys Web server Database Exploit code
  • 5. Why AWS WAF? Abuse Good users Bad guys Web server Database
  • 6. Why AWS WAF? Application DDoS Good users Bad guys Web server Database
  • 7. What is AWS WAF? Application DDoS Good users Bad guys Web server Database AWS WAF
  • 8. What is AWS WAF? Application DDoS Good users Bad guys Web server Database AWS WAF AWS WAF rules: 1: BLOCK requests from bad guys. 2: ALLOW requests from good guys.
  • 9. What is AWS WAF? Application DDoS Good users Bad guys Web server Database AWS WAF
  • 10. Traditional WAF Setup is complex and slow
  • 11. Traditional WAF Rules with too many false positives
  • 12. Traditional WAF No APIs for automation
  • 14. Block or allow web requests Monitor security events AWS WAF
  • 15. New API and console Protect websites and content AWS WAF Amazon CloudFront
  • 16. Benefits of AWS WAF Practical security made easy Customizable and flexible Integrate with development
  • 17. Benefits of AWS WAF Practical security made easy Customizable and flexible Integrate with development
  • 18. Benefits of AWS WAF Practical security made easy Customizable and flexible Integrate with development
  • 19. Benefits of AWS WAF Practical security made easy Customizable and flexible Integrate with development
  • 20. What to expect from this session Web defense strategies Automation for better security Deep dive AWS WAF AWS WAF 301
  • 21. Setting Up AWS WAF 1. Create a web ACL. ALLOW requests by default, but… 2. Add a rule. BLOCK if… 3. Add match conditions. the source IP matches this list… 4. Assign to CloudFront. for any request to d123.cloudfront.net.
  • 22. Setting Up AWS WAF <First Run Demo>
  • 23. But wait, there’s more Match conditions • IP • String • SQLi Customizable rules • AND/OR • Block, allow, or count • Ordered conditions Fast feedback • ~1 minute for changes • 1-minute metrics • Request samples
  • 24. But wait, there’s more Match conditions • IP • String • SQLi Customizable rules • AND/OR • Block, allow, or count • Ordered conditions Fast feedback • ~1 minute for changes • 1-minute metrics • Request samples
  • 25. Match conditions: IPSets CIDR notation on octet boundaries: • 192.0.0.0/8 – Matches 192.*.*.* • 192.168.0.0/16 • 192.168.32.0/24 • 192.168.32.64/32 – Matches a full IP address exactly
  • 26. Match conditions: IPSets • 1,000 CIDRs per IPSet • 10,000 CIDRs per web ACL • Matches connecting IP, not XFF
  • 27. Match conditions: Strings and bytes • Match any part of the web request • Common use case: Referrer whitelisting
  • 28. Match conditions: Strings and bytes Match any part of the web request Host: www.example.com User-Agent: Mozilla/5.0 (Macintosh; … Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.example.com/ Connection: keep-alive AWS WAF RAW request headers CloudFront Check: Header “Referrer” Match Type: Contains Match: “example.com” Action: ALLOW Rule String match condition Good users
  • 29. Match conditions: Strings and bytes Use transforms to stop evasion Host: www.example.com User-Agent: badbot Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.example.com/ Connection: keep-alive AWS WAF RAW request headers CloudFront Check: Header “User-Agent” Match Type: Contains Match: “badbot” Action: BLOCK Rule String match condition Scraper bot
  • 30. Match conditions: Strings and bytes Use transforms to stop evasion Host: www.example.com User-Agent: bAdBoT Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.InTeRnEtkItTiEs.com/ Connection: keep-alive AWS WAF RAW request headers CloudFront Check: Header “User-Agent” Transform: To lower Match Type: Contains Match: “badbot” Action: BLOCK Rule String match condition Scraper bot
  • 31. Match conditions: Strings and bytes Flexible match conditions 1. Contains 2. Exact 3. Begins with 4. Ends with 5. Contains word
  • 32. Match conditions: Strings and bytes Malicious binary? We can find it. “iVBORw0KGgoAAAAN” 8950 4e47 0d0a 1a0a 0000 000d bad.bin 1. Select binary file 2. Base64 encode 3. Set match criteria $> base64 bad.bin iVBORw0KGgoAAAAN
  • 33. Match conditions: Strings and bytes • 10 matches per string match set • 1,000 matches in a web ACL
  • 34. Match conditions: SQLi Check your query strings, URL decode
  • 35. Match conditions: SQLi /login?x=test%27%20UNION%20ALL%20select%20NULL%20-- /login?x=test’ UNION ALL select NULL -- Transform: URL Decode True Match: SQL Injection Check your query strings, URL decode
  • 36. But wait, there’s more Match conditions • IP • String • SQLi Customizable rules • AND/OR • Block, allow, or count • Ordered conditions Fast feedback • ~1 minute for changes • 1-minute metrics • Request samples
  • 37. Combining conditions Restrict a rule to specific URIs, such as the login page. Public Internet Seattle admins AWS WAF /admin/login.cgi /*
  • 38. Combining conditions Restrict a rule to specific URIs, such as the login page. IP match String match
  • 39. Adding whitelist exceptions You can whitelist with ALLOW actions on a rule.
  • 40. Reuse conditions You can reuse any part of a web ACL. CloudFront distributions Web ACL #1 Web ACL #2 Shared blacklist
  • 41. But wait, there’s more Match conditions • IP • String • SQLi Customizable rules • AND/OR • Block, allow, or count • Ordered conditions Fast feedback • ~1 minute for changes • 1-minute metrics • Request samples
  • 42. Observing rules in action Finding requests that match your rules
  • 43. Setting up detection alarms <Example Demo>
  • 44. Building blocks for web security APIs, SDKs, and CLIs! Java Python (boto) PHP .NET Ruby Node.js iOS Android AWS Toolkit for Visual Studio AWS Toolkit for Eclipse AWS Tools for Windows PowerShell AWS CLI JavaScript
  • 45. GetChangeToken $ aws --endpoint-url https://waf.amazonaws.com/ waf get-change-token { "ChangeToken": "d4c4f53b-9c7e-47ce-9140-0ee5765d6bff" }
  • 46. Create* $ aws --endpoint-url https://waf.amazonaws.com/ waf create-web-acl --name BetaTest --metric-name BetaTest --default-action Type=ALLOW --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff
  • 47. GetChangeTokenStatus $ aws --endpoint-url https://waf.amazonaws.com/ waf get-change-token-status --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff { "ChangeTokenStatus": { "ChangeToken": "d4c4f53b-9c7e-47ce-9140-0ee5765d6bff", "Status": "PROVISIONED" | "PENDING" | "INSYNC" } }
  • 48. Update*Set $ aws --endpoint-url https://waf.amazonaws.com/ waf update-ip-set --ip-set-id --change-token d4c4f53b-9c7e-47ce-9140-0ee5765d6bff --updates [ {"Action": "INSERT", "IPSetDescriptor": {"Type": "IPV4", "Value": "192.168.0.0/16"} }, {"Action": "INSERT", "IPSetDescriptor": {"Type": "IPV4", "Value": "192.168.5.0/24"} } ]
  • 49. GetSampledRequests { "SampledRequests": [ { "Action": "BLOCK", "Timestamp": 1441839596.476, "Request": { "Country": "IE", "URI": "/", "Headers": [ { "Name": "Host", "Value": "d123abc.cloudfront.net" }, { "Name": "User-Agent", "Value": "curl/7.30.0" }, "ClientIP": "54.240.197.225", "Method": "GET", "HTTPVersion": "HTTP/1.0"
  • 50. Pay for what you use • No upfront minimums • Use it for just an hour, or always on
  • 51. Pay for what you use • $5 per web ACL, $1 per rule per month • Reuse across a CloudFront distribution with no additional charge • Use more rules for more visibility • $0.60 per million requests
  • 52. Pay for what you use • Low monthly minimum, scales with volume • Typical monthly bill • Test environment (1 rule): $6 per month • Small site (6 rules, 58M views): $46 per month • Medium site (6 rules, 260M views): $167 per month
  • 53. What to expect from this session Web defense strategies Automation for better security AWS WAF 101 Deep dive AWS WAF
  • 54. Rule strategy comparison Negative • Typical of prod deployment • ALLOW by default • BLOCK known-bad threats • Examples: BLOCK MalwareIncIPRange, BLOCK “{;}” Positive • Typical of restricted site • BLOCK by default • ALLOW known-good • Examples: ALLOW SeattleOfficeIPRange, ALLOW referrer header “example.com”
  • 55. Mitigation strategies • Static policies – For unchanging known-bad threats • Reactive policies – For dynamic emerging threats
  • 56. Use count rules to find bad actors Count mode Alert on Amazon CloudWatch metrics Get sampled requests Add bad IPs to BlackList
  • 57. Putting it all together Rule Order: 1. WhiteListed IPs – ALLOW 2. BlackListed IPs – BLOCK 3. BlackListedSignatures – BLOCK 4. SQLInjection – COUNT 5. SuspiciousActivity – COUNT Default: ALLOW
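The match conditions of slides 25 to 38 (IPSet CIDRs, string matches with a transform and a positional constraint, URL decode before the SQLi check, ANDed predicates with negation) and the ordered ALLOW/BLOCK/COUNT evaluation of slides 56 and 57 can be reproduced offline. The following is an added example, not AWS code: the CIDRs, rule names and requests are constructed, the SQLi detector is a small stand-in for the service's unpublished signatures, and the enumeration names follow the WAF API.

```python
"""Offline emulation of the AWS WAF match conditions and rule ordering described in
this talk.  Added illustration, not AWS code: the service evaluates rules inside
CloudFront; the requests, CIDRs and rules below are constructed sample values, and
the enumeration names (CONTAINS, LOWERCASE, URL_DECODE, ...) follow the WAF API."""
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

@dataclass
class Request:
    client_ip: str        # connecting IP, which is what IPSets match (not X-Forwarded-For, slide 26)
    uri: str
    query: str = ""
    headers: dict = field(default_factory=dict)

# TextTransformation applied before matching (slide 30: To lower; slide 35: URL decode).
_TRANSFORMS = {"NONE": lambda s: s, "LOWERCASE": str.lower, "URL_DECODE": unquote}

# PositionalConstraint: the five "flexible match conditions" of slide 31.
_CONSTRAINTS = {
    "CONTAINS": lambda hay, t: t in hay,
    "EXACTLY": lambda hay, t: hay == t,
    "STARTS_WITH": lambda hay, t: hay.startswith(t),
    "ENDS_WITH": lambda hay, t: hay.endswith(t),
    "CONTAINS_WORD": lambda hay, t: re.search(r"(?<!\w)" + re.escape(t) + r"(?!\w)", hay) is not None,
}

def _field(req, field_to_match, data=None):
    """Select the part of the request a condition inspects (FieldToMatch)."""
    if field_to_match == "URI":
        return req.uri
    if field_to_match == "QUERY_STRING":
        return req.query
    if field_to_match == "HEADER":       # header names are case-insensitive
        want = (data or "").lower()
        return next((v for k, v in req.headers.items() if k.lower() == want), "")
    raise ValueError(f"unsupported FieldToMatch {field_to_match}")

def ip_set(cidrs):
    """IPSet condition: connecting IP inside any CIDR; IPv4 CIDRs on octet boundaries only (slide 25)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    if any(n.version == 4 and n.prefixlen not in (8, 16, 24, 32) for n in nets):
        raise ValueError("IPv4 CIDRs must be /8, /16, /24 or /32")
    return lambda req: any(ipaddress.ip_address(req.client_ip) in n for n in nets)

def byte_match(field_to_match, target, constraint="CONTAINS", transformation="NONE", data=None):
    """String match condition: transform the field, then apply the positional constraint."""
    check, xform = _CONSTRAINTS[constraint], _TRANSFORMS[transformation]
    return lambda req: check(xform(_field(req, field_to_match, data)), target)

# Stand-in for the service's SQL-injection detector (its signatures are not published):
# a quote followed by UNION/OR/AND, or a comment opener, seen after URL decoding.
_SQLI = re.compile(r"""['"]\s*(union|or|and)\b|--|/\*""", re.IGNORECASE)

def sqli_match(field_to_match, transformation="URL_DECODE", data=None):
    xform = _TRANSFORMS[transformation]
    return lambda req: _SQLI.search(xform(_field(req, field_to_match, data))) is not None

@dataclass
class Rule:
    name: str
    action: str           # ALLOW, BLOCK or COUNT
    predicates: list      # (negated, condition) pairs; all must hold (AND), OR = separate rules

def evaluate(req, rules, default_action="ALLOW"):
    """Walk the web ACL top down (slide 57): the first matching ALLOW or BLOCK rule
    decides; a matching COUNT rule is only recorded and evaluation continues (slide 56)."""
    counted = []
    for rule in rules:
        if all(cond(req) != negated for negated, cond in rule.predicates):
            if rule.action == "COUNT":
                counted.append(rule.name)
            else:
                return rule.action, counted
    return default_action, counted

OFFICE = ["198.51.100.0/24"]      # constructed stand-in for SeattleOfficeIPRange
WEB_ACL = [                       # rule order of slide 57, plus the slide 37/38 login restriction
    Rule("WhiteListedIPs", "ALLOW", [(False, ip_set(OFFICE))]),
    Rule("BlackListedIPs", "BLOCK", [(False, ip_set(["192.0.2.0/24"]))]),
    Rule("BlackListedSignatures", "BLOCK",
         [(False, byte_match("HEADER", "badbot", "CONTAINS", "LOWERCASE", data="User-Agent"))]),
    Rule("AdminLoginRestriction", "BLOCK",     # login page reachable only from the office range
         [(False, byte_match("URI", "/admin/login.cgi", "EXACTLY")), (True, ip_set(OFFICE))]),
    Rule("SQLInjection", "COUNT", [(False, sqli_match("QUERY_STRING"))]),
    Rule("SuspiciousActivity", "COUNT", [(False, byte_match("URI", "/honeypot", "STARTS_WITH"))]),
]

def decide(client_ip, uri, query="", user_agent="Mozilla/5.0"):
    """Evaluate one constructed request against WEB_ACL -> (action, counted rule names)."""
    return evaluate(Request(client_ip, uri, query, {"User-Agent": user_agent}), WEB_ACL)

if __name__ == "__main__":
    print(decide("203.0.113.5", "/login", "x=test%27%20UNION%20ALL%20select%20NULL%20--"))
```

Note that the whitelist rule sits first: a request from the office range is allowed even when its User-Agent matches the bad-bot signature, which is why rule order matters as much as the conditions themselves.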
  • 58. Customer example: Finding bad requestors ConnectWise 1. Uses negative security model 2. Monitors known-bad activity 3. Reactively bans bad requests
  • 60. Users APIs CloudFront Auto Scaling Elastic Load Balancing Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2 API calls made into the environment ConnectWise API architecture
  • 61. AWS WAF ConnectWise API with AWS WAF Users APIs CloudFront Auto Scaling Elastic Load Balancing Amazon EC2 Amazon EC2
  • 62. Example of an old API call API Version
  • 63. Create a rule to block old versions Check: Header “Contains” Match Type: Contains Match: “/v2015_3/” Action: Block Rule String Match Condition API Version byteset.json { "ByteMatchSetId": "e13d4ed4-2b47-4313-8173-d0370e58ac20", "ChangeToken": "fab95c78-c969-4845-876f-6f2bc8283ea3", "Updates": [ { "Action": "INSERT", "ByteMatchTuple": { "FieldToMatch": { "Type": "URI" }, "PositionalConstraint": "CONTAINS", "TargetString": "/v2015_3/", "TextTransformation": "LOWERCASE" } } ] }
  • 64. Old requests are blocked Access Denied
  • 65. Example of an invalid user request Cookie Value of Invalid User
  • 66. Create a rule to block invalid users cookie-byte-match-set.json { "Updates": [ { "ByteMatchTuple": { "TextTransformation": "LOWERCASE", "TargetString": "companyname=cwqaman_p", "PositionalConstraint": "CONTAINS", "FieldToMatch": { "Type": "HEADER", "Data": "Cookie" } }, "Action": "INSERT" } ], "ChangeToken": "988120ac-9040-4a26-bbe0-3282bc5410ce", "ByteMatchSetId": "2fdd991d-9b44-4d41-9231-7aa92dfe5ffe" } Rule String Match Condition Action: Block Check: Header “Contains” Match Type: Contains Match: “companyname=cwqaman_p” Cookie Value of Invalid User
  • 67. Invalid users are blocked
  • 68. Results Savings • Decrease the number of machines • Currently saving 20% during peak hours
  • 69. What to expect from this session Web defense strategies Automation for better security AWS WAF 101 Deep dive AWS WAF
  • 70. Automatic behavioral analysis AWS WAF automated blacklists Good users Bad guys Server AWS WAF Logs Threat analysis Rule updater
  • 71. Bad Bot Demo Step 1: Robots.txt – “Don’t index /honeypot” Step 2: Create a rule: Count /honeypot Step 3: Ban Bad Bots See it in action: STG205 - Secure Content Delivery Using Amazon CloudFront OR AWS New Services Booth
  • 72. Automatic behavioral analysis Amazon is not the only one… Repsheet open-source behavioral analysis • http://www.slideshare.net/abedra/knock-knock-24105973 • https://github.com/repsheet/repsheet
  • 74. Automatic behavioral analysis Alert Logic Proof of Concept Good users Bad guys Server AWS WAF Update blacklist
  • 75. Automatic incident reports CloudWatch Alarm SNS Topic AWS Lambda AWS WAF Operator SNS Topic 1. Alarm on count 2. Send Amazon SNS notification 4. Format sampled requests 5. Get sampled requests 6. Send email notification
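The reactive loop of slides 56, 71 and 75 (count rule, CloudWatch alarm, GetSampledRequests, formatted report, blacklist update) reduces to two pure functions once the AWS calls are factored out. Below is an added example, not AWS or ConnectWise code: the GetSampledRequests response is a constructed sample in the shape slide 49 shows, the IP addresses are documentation ranges, and the Lambda glue that would call get_sampled_requests() and update_ip_set() is left out so the logic runs without credentials; the update list it produces is in the form the update-ip-set call of slide 48 takes.

```python
"""Added example, not AWS code: format an operator report from sampled requests and
turn repeat offenders into IPSet INSERT descriptors, skipping whitelisted ranges,
already-listed IPs and the 1,000-CIDR IPSet limit.  All data below is constructed."""
import ipaddress
from collections import Counter
from datetime import datetime, timezone

IPSET_LIMIT = 1000          # CIDRs per IPSet (slide 26)

def _req(ip, uri, ua, ts, country="IE", action="COUNT"):
    """Build one sampled-request record in the shape slide 49 shows (constructed)."""
    return {"Action": action, "Timestamp": ts,
            "Request": {"Country": country, "URI": uri, "Method": "GET", "HTTPVersion": "HTTP/1.1",
                        "ClientIP": ip,
                        "Headers": [{"Name": "Host", "Value": "d123abc.cloudfront.net"},
                                    {"Name": "User-Agent", "Value": ua}]}}

# Constructed GetSampledRequests response for the /honeypot COUNT rule of slide 71.
SAMPLED = {"SampledRequests": [
    _req("203.0.113.10", "/honeypot/", "curl/7.30.0", 1441839596.476),
    _req("203.0.113.10", "/honeypot/a", "curl/7.30.0", 1441839597.1),
    _req("203.0.113.10", "/honeypot/b", "curl/7.30.0", 1441839598.0),
    _req("203.0.113.11", "/honeypot/", "python-requests/2.7", 1441839599.3),
    _req("198.51.100.7", "/honeypot/", "Mozilla/5.0", 1441839600.2),   # office range: whitelisted
    _req("198.51.100.7", "/honeypot/", "Mozilla/5.0", 1441839601.0),
    _req("192.0.2.9", "/honeypot/", "curl/7.30.0", 1441839602.5),      # already on the blacklist
    _req("192.0.2.9", "/honeypot/", "curl/7.30.0", 1441839603.0),
], "PopulationSize": 120}

def header(request, name):
    """Case-insensitive lookup in the Headers list of one sampled request."""
    return next((h["Value"] for h in request["Headers"] if h["Name"].lower() == name.lower()), "")

def summarize(sampled):
    """Per-IP hit counts, user agents and the time window covered by the sample."""
    reqs = sampled["SampledRequests"]
    stamps = [r["Timestamp"] for r in reqs]
    return {"ips": Counter(r["Request"]["ClientIP"] for r in reqs),
            "agents": Counter(header(r["Request"], "User-Agent") for r in reqs),
            "population": sampled["PopulationSize"], "first": min(stamps), "last": max(stamps)}

def format_report(sampled, rule_name):
    """Slide 75 step 4: turn the sample into the text body of the operator notification."""
    s = summarize(sampled)
    fmt = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")
    lines = [f"AWS WAF alarm: rule {rule_name} counted {s['population']} requests "
             f"between {fmt(s['first'])} and {fmt(s['last'])} "
             f"({len(sampled['SampledRequests'])} sampled)", "Top client IPs:"]
    lines += [f"  {ip:<16} {n}" for ip, n in s["ips"].most_common(5)]
    lines.append("Top user agents:")
    lines += [f"  {ua} ({n})" for ua, n in s["agents"].most_common(3)]
    return "\n".join(lines)

def blacklist_updates(sampled, threshold, current_cidrs, whitelist_cidrs):
    """Slide 56 'Add bad IPs to BlackList': IPs seen at least `threshold` times become
    /32 INSERT descriptors for update-ip-set.  IPs already in the set or inside a
    whitelisted range are skipped (never ban your own office), and the IPSet size limit
    is checked up front rather than discovered as a failed update."""
    current = {ipaddress.ip_network(c) for c in current_cidrs}
    allow = [ipaddress.ip_network(c) for c in whitelist_cidrs]
    updates = []
    for ip, n in summarize(sampled)["ips"].most_common():
        if n < threshold:
            break                       # most_common is sorted, nothing further qualifies
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in current) or any(addr in net for net in allow):
            continue
        updates.append({"Action": "INSERT",
                        "IPSetDescriptor": {"Type": "IPV4", "Value": f"{ip}/32"}})
    if len(current) + len(updates) > IPSET_LIMIT:
        raise ValueError(f"IPSet would exceed {IPSET_LIMIT} CIDRs; prune it or use a second IPSet")
    return updates

if __name__ == "__main__":
    print(format_report(SAMPLED, "HoneypotCount"))
    print(blacklist_updates(SAMPLED, 2, ["192.0.2.0/24"], ["198.51.100.0/24"]))
```

Because the sample is only a sample (slide 49 carries PopulationSize alongside it), a threshold on sampled hits is a coarse trigger; the whitelist check and the explicit limit are what keep an automated blacklist from locking out legitimate users or failing silently.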
  • 77. Thank you! Get started with AWS WAF: https://console.aws.amazon.com/waf