AWS Security Blog
Tag: AWS WAF
New Security Whitepaper Now Available: Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities
Today, we released a new security whitepaper: Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities. This whitepaper describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to […]
How to Help Protect Dynamic Web Applications Against DDoS Attacks by Using Amazon CloudFront and Amazon Route 53
Using a content delivery network (CDN) such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve webpage load times, reduce network bandwidth costs, lessen the load on web servers, and mitigate distributed denial of service (DDoS) attacks. AWS […]
The Most Viewed AWS Security Blog Posts in 2016
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. The following 10 posts were the most viewed AWS Security Blog posts that we published during 2016. You can use this list as a guide to catch up on your blog reading or even read a post again that you […]
Updated Whitepaper Available: AWS Best Practices for DDoS Resiliency
AWS is committed to providing you high availability, security, and resiliency in the face of bad actors on the Internet. As part of this commitment, AWS provides tools, best practices, and AWS services that you can use to build distributed denial of services (DDoS)–resilient applications. We recently released the 2016 version of the AWS Best […]
How to Use AWS CloudFormation to Automate Your AWS WAF Configuration with Example Rules and Match Conditions
Note from July 4, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository. AWS WAF is a web application firewall that integrates closely with Amazon CloudFront (AWS’s content delivery network [CDN]). AWS WAF gives you control to allow or block […]
In Case You Missed These: AWS Security Blog Posts from March and April
In case you missed any of the AWS Security Blog posts from March and April, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from the AWS Config Rules repository to automatically updating AWS WAF IP blacklists. April April 28, AWS […]
How to Import IP Address Reputation Lists to Automatically Update AWS WAF IP Blacklists
Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository. You can use AWS WAF (a web application firewall) to help protect your web applications from exploits that originate from groups of IP addresses that are known […]
How to Prevent Hotlinking by Using AWS WAF, Amazon CloudFront, and Referer Checking
At some point, you might have to deal with hotlinking: when third parties embed in their websites the content they find on your websites. The third-party website does not incur the cost of hosting the content, which means your website can end up paying for the content other sites use. Now, you can use AWS […]
How to Reduce Security Threats and Operating Costs Using AWS WAF and Amazon CloudFront
Note from July 3, 2017: The solution in this post has been integrated into AWS WAF Security Automations, and AWS maintains up-to-date solution code in the companion GitHub repository. Some Internet operations trust that clients are “well behaved.” As an operator of a publicly accessible web application, for example, you have to trust that the clients […]
In Case You Missed These: AWS Security Blog Posts from January and February
November 1, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. In case you missed any of the AWS Security Blog posts from January and February, […]