Protect Your Web-facing Workloads with AWS Security Services

Posted on February 05, 2021

Notes: Protect Your Web-facing Workloads with AWS Security Services

These are notes from this AWS Security course.


As network attacks and intrusion attempts become more sophisticated, application developers and network managers have to manage the balance between protecting their borders from bad guys while still maintaining a positive online presence for their customers. In this course, Shane Baldaccio will guide you through planning and implementing AWS Security Services in conjunction with traditional security services to build an intelligent, self-defending border to protect your mission-critical online assets.

Threats:

OWASP-style attacks

  • SQL Injection
  • Insecure deserialization
  • XSS

You can see them here

Hacktivists & Crime Syndicates

Terabyte-level botnets firing DDoS attacks at web-based services.

Today’s syndicates will rent out botnets by the hour.

Various tools:

  • L3-L7 firewalls
  • DDoS Mitigation BGP traffic rerouting
  • Static application security testing
  • Monitor logs

Real solutions

Example company running WordPress with customizations to integrate with ERP & CRM.


Example infrastructure

Essentially, the site has several vulnerabilities in some of its custom work and plugins, and he was able to exploit them.

AWS Shield

AWS Shield helps minimize application downtime and has a standard version available at no cost.

It helps prevent DDoS attacks and monitors incoming requests.

It protects against network and transport layer attacks.

AWS WAF

A web application firewall. It lets you block or allow traffic.

Blocks OWASP Top 10-style attacks.

Self Defending Borders

Example

Drive the configuration of AWS WAF by triggering Step Functions and Lambda from WAF results.

This allows you to update your WAFs automatically, with developers clicking an Approve or Deny button for various abnormal requests.

The feedback loop makes your defense stronger and makes it harder to miss abnormal requests.
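A sketch of the Lambda step that runs after the Approve/Deny click, added here as an example and not taken from the course. The event shape, the meaning of Deny (block the source address), and the IP set name and ID are assumptions; `get_ip_set` and `update_ip_set` are the boto3 `wafv2` calls, replaced by an in-memory fake so the block runs offline.

```python
import ipaddress

# Hypothetical blocklist IP set; name and ID are placeholders, not from the course.
IP_SET = {"Name": "blocked-sources", "Scope": "REGIONAL", "Id": "EXAMPLE-IP-SET-ID"}


def apply_decision(waf, event):
    """Apply a reviewer's decision on a flagged request to the WAF IP set.

    Assumed Step Functions payload: {"decision": "Approve"|"Deny", "source_ip": "..."}.
    Deny adds the source address to the IP set; Approve leaves WAF unchanged.
    """
    decision = event.get("decision")
    if decision not in ("Approve", "Deny"):
        raise ValueError(f"unexpected decision: {decision!r}")
    # Accept a single IPv4 host only: a tampered payload such as "0.0.0.0/0"
    # must never reach the rule set. Raises a ValueError subclass otherwise.
    cidr = f"{ipaddress.IPv4Address(event['source_ip'])}/32"
    if decision == "Approve":
        return {"action": "none", "cidr": cidr}

    current = waf.get_ip_set(**IP_SET)
    addresses = current["IPSet"]["Addresses"]
    if cidr in addresses:
        return {"action": "already_blocked", "cidr": cidr}
    # update_ip_set replaces the whole list, so send the existing entries too.
    # LockToken makes the call fail if the set changed since get_ip_set.
    waf.update_ip_set(**IP_SET, Addresses=addresses + [cidr],
                      LockToken=current["LockToken"])
    return {"action": "blocked", "cidr": cidr}


class FakeWaf:
    """In-memory stand-in for boto3.client("wafv2"), for offline runs only."""

    def __init__(self, addresses):
        self.addresses, self.token = list(addresses), 1

    def get_ip_set(self, Name, Scope, Id):
        return {"IPSet": {"Addresses": list(self.addresses)}, "LockToken": str(self.token)}

    def update_ip_set(self, Name, Scope, Id, Addresses, LockToken):
        if LockToken != str(self.token):
            raise RuntimeError("stale LockToken")
        self.addresses, self.token = list(Addresses), self.token + 1


if __name__ == "__main__":
    waf = FakeWaf(["198.51.100.0/24"])  # constructed sample data
    print(apply_decision(waf, {"decision": "Deny", "source_ip": "203.0.113.7"}))
    print(waf.addresses)
```

In a deployed Lambda, `waf` would be `boto3.client("wafv2")` and the function's role would need permission for only those two calls on that one IP set.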

AWS GuardDuty

  • Detects unusual API calls
  • Monitors AWS SDK/Console calls