AWS Marketplace

Enhance web application security using AWS WAF and Cloudbric’s OWASP Top 10 managed rule set

Interest in defending against new web-based attacks is growing, and a robust security solution to protect applications has become mandatory for enterprises. AWS WAF provides AWS WAF Managed Rules to make establishing web application security easier and faster. AWS WAF Managed Rules is a set of rules written, managed, and maintained by AWS Marketplace sellers for AWS, designed so that security engineers spend less time writing firewall rules and more time building applications.

Cloudbric is a security platform that specializes in cloud-based web security solutions. Cloudbric offers a variety of cloud-based, fully managed, integrated web security services that range from Internet of Things (IoT) and end-point security services to a cyber threat intelligence platform. Using its own technology, Cloudbric has developed a rule set management service to reinforce and maintain web security against ever-changing threats.

About Cloudbric Managed Rules for AWS: OWASP Top 10 Rule Set

Cloudbric Managed Rules for AWS: OWASP Top 10 Rule Set is based on the web security technology of the Cloudbric WAF+ service. This rule set incorporates the intelligent detection module of Cloudbric WAF+, which includes a web firewall detection engine that can identify abnormal patterns and behaviors from millions of traffic logs. This rule set provides complete web protection against the Open Worldwide Application Security Project (OWASP) Top 10 vulnerabilities, such as SQL injection and cross-site scripting (XSS).

In this tutorial, I will show you how to implement the Cloudbric Managed Rule Set for AWS WAF. This includes subscribing to the service and implementing it on your AWS account.

Prerequisites

To implement the Cloudbric Managed Rule Set for AWS WAF, you will need to have the following:

  • AWS account.
  • Pre-generated web access control lists (ACLs). For information on how to create ACLs, visit Creating a web ACL.

Subscribing to Cloudbric Managed Rule Set via AWS Marketplace

To subscribe to Cloudbric Rule Set in AWS WAF, do the following:

  1. Go to AWS Marketplace and in the upper right corner of the page, select Sign in. Sign in with your AWS account.
  2. In the search field, enter Cloudbric AWS WAF and go to the product details page of the rule set (OWASP Top 10 Rule Set) that you want to subscribe to.
  3. On the product details page of the rule set, you can find a product overview, information on pricing, usage, and support, and customer reviews. Review the provided information and, in the top right corner, select the View purchase options button.
  4. Confirm the subscription terms and price. In the lower right, select the Subscribe button.
  5. You should see a message in a green box saying To continue, set up your account and complete your registration. To complete the Cloudbric Rule Set subscription, select Set up your account in the top right corner.

How to add Cloudbric’s Managed Rule Set to a web ACL

  1. Go to the AWS WAF console. To find it, enter WAF & Shield in the console search field, or follow this WAF & Shield link.
  2. From the Web ACLs menu under the AWS WAF dropdown, select the name of the web ACL to which you want to apply the Cloudbric Rule Set.
  3. Go to the Rules tab of the selected web ACL. From the Add Rules dropdown, select Add managed rule groups.
  4. Navigate to Cloudbric Corp. managed rule groups, select the dropdown, activate the Rule Set you subscribed to, and select Add rules.
  5. If you’d like to activate both Cloudbric Rule Sets, set the priority so that the Malicious IP Reputation Rule Set is applied first, and then complete the rule addition by selecting Save.
  6. Go to the Rules tab of the edited web ACL and verify that CloudbricCorp_Cloudbric_OWASPTop10RuleSet has been added.
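
The verification in steps 5 and 6 can also be scripted against the JSON that `aws wafv2 get-web-acl` returns. The following is an added example, not code from this post or from Cloudbric: the sample response is constructed, the Malicious IP Reputation rule name is a placeholder because the post does not give it, and the Count-mode check goes beyond the steps above.

```python
import json

OWASP_RULE = "CloudbricCorp_Cloudbric_OWASPTop10RuleSet"  # name shown in step 6
# Assumption: the post does not give this rule's name; placeholder only.
IP_REP_RULE = "PLACEHOLDER_MaliciousIPReputationRuleSet"

# Constructed sample in the shape returned by `aws wafv2 get-web-acl`.
# Fields the checks do not read are omitted.
SAMPLE_ACL = json.loads("""
{"WebACL": {"Name": "example-acl", "Rules": [
  {"Name": "CloudbricCorp_Cloudbric_OWASPTop10RuleSet", "Priority": 0,
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "Cloudbric Corp."}},
   "OverrideAction": {"Count": {}}},
  {"Name": "PLACEHOLDER_MaliciousIPReputationRuleSet", "Priority": 1,
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "Cloudbric Corp."}},
   "OverrideAction": {"None": {}}}
]}}
""")


def audit_web_acl(response, owasp=OWASP_RULE, ip_rep=IP_REP_RULE):
    """Return a list of findings; an empty list means every check passed."""
    rules = {r["Name"]: r for r in response["WebACL"].get("Rules", [])}
    if owasp not in rules:
        return [f"{owasp} is not attached to the web ACL"]
    findings = []
    for name in (owasp, ip_rep):
        rule = rules.get(name)
        if rule is None:
            continue  # the IP reputation rule set is optional
        if "ManagedRuleGroupStatement" not in rule.get("Statement", {}):
            findings.append(f"{name} is not a managed rule group reference")
        # OverrideAction Count turns the group's rule actions into count-only.
        if "Count" in rule.get("OverrideAction", {}):
            findings.append(f"{name} is in Count mode, matches are not blocked")
    # AWS WAF evaluates rules from the lowest Priority number upward.
    if ip_rep in rules and rules[ip_rep]["Priority"] > rules[owasp]["Priority"]:
        findings.append(f"{ip_rep} is evaluated after {owasp}")
    return findings


if __name__ == "__main__":
    for finding in audit_web_acl(SAMPLE_ACL):
        print("FINDING:", finding)
```
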

Conclusion

In this blog post, I showed you how to subscribe to and implement the Cloudbric Managed Rule Set in a web ACL. For more information about the rule sets, you can read the detailed setting guide for Cloudbric managed rules, explore Cloudbric Managed Rules for AWS WAF – OWASP Top 10 Rule Set product overview on the AWS Marketplace seller page, or review the Cloudbric Managed Rule Release note.

The content and opinions in this post are those of the third-party author and AWS is not responsible for the content or accuracy of this post.

About the Author

Yongwook Lucas Yoon is a Global Marketing Manager at Cloudbric Corporation, with a strong focus on creating informative and insightful content in the field of cybersecurity. With his extensive passion for the industry, Lucas is dedicated to developing content that not only educates, but also helps individuals and organizations stay safe and secure in the rapidly evolving digital landscape.