These are notes from this AWS Security course.
Protect Your Web-facing Workloads with AWS Security Services
As network attacks and intrusion attempts become more sophisticated, application developers and network managers have to manage the balance between protecting their boarders from bad guys while still maintaining a positive online presence for their customers. In this course, Shane Baldaccio will guide you through planning and implementing AWS Security Services in conjunction with traditional security services to build an intelligent, self-defending border to protect your mission critical online assets.
Terabyte level of botnets firing DDOS attacks at web based services.
Today’s syndicates will rent out botnets by hour.
Example company running Wordpress with customizations to integrate with ERP & CRM.
Essentially, they have several vulnerabilities in some custom work and plugins on their site. He was able to exploit them.
AWS Shield helps minimizes application downtime and has a standard version available at no cost.
It helps prevent DDoS attacks and monitors incoming requests.
These protect against network and transport layer attacks.
Web Application firewall that prevents. It lets you block or allow traffic.
Blocks top 10 OWASP style attacks.
Drive configuration of AWS WAF by triggering Step Function and Lambda from WAF result.
This allows you to automatically update your WAFs with developers clicking a button of Approve or Deny for various abnormal requests.
The feedback loop makes your defense stronger and it harder to miss abnormal requests.