AWS Partner Network (APN) Blog

Protect Your Web Applications with AWS WAF Ready Partners

By Mysty Lawrence, Edge Partner Sales Specialist – AWS
By Joanne Moore, Sr. Launch Product Manager – AWS

As organizations continue to build and migrate more of their applications in the cloud, bad actors deploy increasingly sophisticated attacks that can lead to loss of revenue, customer trust, and brand reputation. Ensuring websites and applications are protected from external threats has become a top concern for businesses of all shapes and sizes.

AWS Web Application Firewall (WAF) is a web application firewall that helps protect web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives customers control over how traffic reaches their applications by enabling them to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.

Thousands of customers use AWS WAF to ensure their applications are secured and protected from unauthorized traffic.

We’re excited to announce the AWS WAF Ready specialization to help customers deploy and maintain their application layer security solution with AWS WAF Ready Partner software products.

AWS WAF Ready products are vetted by AWS Partner Solutions Architects for their sound architecture, adherence to Amazon Web Services (AWS) best practices, and market adoption, including proven customer success. AWS WAF Ready Partners provide robust WAF rule sets and mitigation tools that customers can choose from depending on their specific application use case.

Additionally, AWS WAF Ready Partners stay ahead of the attack curve and can help mitigate zero-day vulnerabilities so that customers don’t have to worry about continually updating their rule sets based on novel or new attack vectors. Beyond detection and mitigation, AWS WAF Ready Partners provide customers with pre-built integrations to help ingest and analyze WAF event data.

Launch Partner Showcase

The AWS Service Ready Program is designed to validate software products built by AWS Partners that work with specific AWS services.

We invite you to explore the WAF Ready Partners recommended by AWS:


  • Malicious IP Reputation Rule Set: Cloudbric Labs provides a comprehensive list of Malicious IP Reputation based on threat intelligence gathered from over 700,000 sites in 95 countries, reducing the amount of time required for identifying and processing, and in turn, helping minimize the damages caused by these threats.
  • OWASP Top 10 Rule Set: Cloudbric utilizes a logic-based intelligent WAF engine that was voted as Asia Pacific’s no.1 for 5 consecutive years. Automated updates ensures it protects against the OWASP Top 10 vulnerabilities and new threats.

Cyber Security Cloud

  • API Gateway/Serverless: Cyber Security Cloud Managed Rules are designed to mitigate and minimize vulnerabilities, including all those on OWASP API Security Top 10 Threats list. By using our rulesets, you can start protecting your API Gateway right away with a low false-positive rate and a higher defense capability.
  • HighSecurity OWASP Set: Cyber Security Cloud Managed Rules are designed to mitigate and minimize vulnerabilities, including all those on OWASP Top 10 Threats list. With the HighSecurity OWASP Set, you can start protecting your web applications right away with a low false-positive rate and a higher defense capability.
  • WafCharm: With WafCharm, AWS WAF operations are automated as it automatically configures, curates, and updates AWS WAF rules that best fit your environment. With a full team of security experts, WafCharm always stays ahead of new vulnerabilities by creating and applying new WAF rules. This ensures that your website is protected against the latest threats and vulnerabilities. Without disrupting or altering the existing rules or system, your IT and security teams can focus on other strategic initiatives.


  • Web exploits OWASP Rules: Protect against web exploits. F5 Web Exploits Rules for AWS WAF, provides protection against web attacks that are part of the OWASP Top 10, such as: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource.
  • API Security Rules: Protects against API attacks, web attacks (such as XML external entity attacks), and server side request forgery. The rule set includes support for XML and JSON payloads, and common web API frameworks.
  • Common Vulnerabilities and Exposures (CVE) Rules: Protect against common vulnerabilities and exposures (CVE). CVE Rules for AWS WAF provides protection for high profile CVEs targeting the following systems: Apache, Apache Struts, Bash, Elasticsearch, IIS, JBoss, JSP, Java, Joomla, MySQL, Node.js, PHP, PHPMyAdmin, Perl, Ruby On Rails, and WordPress.
  • Bot Protection Rules: Protect against automated attacks. Bot Protections Rules is a partner managed rule group for AWS WAF that stops a broad range of malicious bots activities such as vulnerability scanners, web scrapers, DDoS tools, and forum spam tools.

Fortinet’s Complete OWASP Top 10 Managed Rules deliver comprehensive web application protection against the OWASP Top 10 threats, including protection against SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE). Security signatures are automatically updated with the latest threat protections and updates from FortiGuard Labs.

Fortra (formerly Alert Logic)
Alert Logic provides managed detection and response solutions that integrate security technology, human analytics, and responsive communication to provide high quality, cloud-optimized security services. Alert Logic’s cloud-native technology and team of security experts protect organizations 24/7.

GeoComply’s location fraud detection solution, GeoGuard DB, provides multi-layered fraud protection against VPNs, DNS proxies, peer-to-peer networks, and other methods used to manipulate IP address data and spoof user location using IP geolocation fraud applications and tools. Continuously updated, GeoGuard DB ensures protection remains effective.

Imperva’s Managed Rules for IP Reputation allows you to take a proactive approach to security by providing an extensive IP allow list/deny list which is regularly monitored and updated. Imperva’s reputation feed leverages crowd-sourcing from aggregated attack data to update its list with newly detected malicious sources, taking the burden off of IT teams to account for undiscovered threats.

MonitorApp is a plug and play Industrial Internet of Things tool for extracting, processing, and displaying floor data in real time. MonitorApp is one of the only Manufacturing Collaboration Platform with KPIs, tasks, real data, IoT sensors, and more.

Salt Security
The Salt Security API Protection Platform secures the APIs at the heart of all modern applications. Salt collects API traffic across the entire app landscape and use AI/ML and big data to discover all APIs and their exposed data, stop attacks, and eliminate vulnerabilities at their source.

ThreatSTOP’s Managed Rules for AWS WAF drops malicious and unwanted connection attempts before they can do damage and cost money. ThreatSTOP’s Managed Rules can help reduce financial fraud, stop automated bots and scanners from chewing-up resources, and save time and effort meeting compliance.

Customers: Learn About AWS WAF Ready Partners

AWS WAF Ready Partners make it easy for customers to deploy and maintain their application layer security solution with a wide selection of software products that support AWS WAF.

We invite you to learn more about AWS WAF Ready Partners.

Partners: Looking to Validate Your AWS WAF Software Offering?

AWS Partners with AWS WAF software offerings can learn more about becoming an AWS Service Ready Partner.

To validate your AWS WAF software through the AWS Service Ready Program, you must be a validated member of the Software Path and pass the AWS Foundational Technical Review (FTR) prior to applying.

For program requirements, review the Program Guide and access the application in AWS Partner Central (log in required).