🛡️Get the current recommendations for implementing #AWSWAF to protect existing and new web applications 👇👇👇
1/Understand what type of threats your web applications may be facing. Web applications face different kinds of threats that #AWSWAF can help you mitigate, such as:
⮞DDoS Attacks
⮞Web application attacks
⮞Bots
go.aws/3IBdtco
⮞DDoS Attacks
⮞Web application attacks
⮞Bots
go.aws/3IBdtco
2/Gather and define the requirements which will make this implementation successful for your business. Some common #AWSWAF requirements include:
⮞Protections
⮞Governance
⮞Logging
go.aws/3cjeE4s
⮞Protections
⮞Governance
⮞Logging
go.aws/3cjeE4s
3/Once requirements have been identified, an application can be chosen to deploy AWS WAF. For example, AWS recommends deploying WAF with #AmazonCloudFront for the best security posture. go.aws/3o00O9w
4/Deploy the application in a staging environment for validation. AWS recommends starting with the following setup:
⮞Add rules based on your defined requirement
⮞Enable rate-based rules to protect yourself against DDoS types of attack
go.aws/3aANgOT
⮞Add rules based on your defined requirement
⮞Enable rate-based rules to protect yourself against DDoS types of attack
go.aws/3aANgOT
5/Monitor your WAF implementation to have good visibility of what is being blocked by your web ACL. There are multiple monitoring options available with #AWSWAF. go.aws/3o4BeQE
6/Test & tune to mitigate false negatives and false positives. False negatives are attacks that were not caught by WAF and require hardened rules. False positives are legitimate requests considered by WAF wrongly as attacks and blocked as a consequence. go.aws/3nYTZ8i
7/All that's left is to do is deploy to production and regularly review & monitor your application! go.aws/3o8KtiJ 🎉
• • •
Missing some Tweet in this thread? You can try to
force a refresh
