Tag: AWS WAF

Modern applications often rely on public APIs to exchange information between trusted clients (such as mobile applications or web browsers) and services. Using a combination of HAQM Web Services (AWS) Edge Services (AWS WAF, AWS Shield Advanced, and HAQM CloudFront) allow Glovo to share how they protect their public-facing APIs from a variety of external […]

Introduction The AWS WAF Bot Control rule group includes rules for detecting and managing bot threats. These threats range from easily identified common bots through to coordinated targeted bots that evade detection by operating across multiple hosts. Like any other security controls, HAQM Web Services (AWS) WAF Bot Control for Targeted Bots rules can also […]

In today’s world, organizations are increasingly looking to migrate their on-premises infrastructure to the cloud to take advantage of scalability, cost-effectiveness, and agility offered by cloud. One critical component of many enterprise architectures is the load balancer, which distributes incoming traffic across multiple servers. If you’re considering migrating your on-premise hardware load balancers to AWS, it’s […]

Application owners often rely on content management systems (CMS) to publish and manage content on their websites. WordPress is the world’s most popular content management system. Originally launched as a blogging platform back in 2003, WordPress now powers 43% of all websites and controls a massive 64.3% of the known CMS market. The purpose of this […]

Protecting against bot threats requires insights into the client environment beyond what is available through network-level characteristics of a request, such as TCP or HTTP payload signatures. AWS WAF uses CAPTCHA and Challenge actions to undertake a client-side interaction, whether on a mobile device or browser, to understand this client environment before they can be […]

Web application security is an ongoing process. AWS WAF enables real-time monitoring and blocking of potentially harmful web requests. Bot Control and Fraud Control use machine learning (ML) to detect and prevent sophisticated threats. Bot traffic can make up anywhere from 30% to 50% or even more of total web traffic. After enabling AWS WAF, […]

As security threats have become more sophisticated and easier to scale, customers increasingly use HAQM CloudFront and AWS WAF together to improve the performance, resiliency, and security of their web applications and APIs. CloudFront is a Content Delivery Network (CDN) that reduces latency by delivering data to viewers anywhere in the world using one of […]

AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources. Configuring AWS WAF in a cost-effective way has been a frequent topic of discussion among our customers. In this post, learn how to use the different components of AWS WAF to secure your web […]

Internet users increasingly expect responsive web applications and APIs with lower latency and higher availability. Additionally, publicly accessible web applications and APIs are exposed to threats such as commonly occurring vulnerabilities described in the OWASP Top 10, SQL injection, automated requests, and HTTP floods (Denial of Service (DoS)) that can affect availability, compromise security, or […]

Volumetric attack is one of the most common type of cyberattack, where a web application is overwhelmed with an enormous number of HTTP requests. This flood of excessive requests puts a strain on the application’s servers, leading to degraded performance, increased latency for legitimate users and in severe cases, resource exhaustion. AWS WAF’s rate-based rules […]