2022 APIsecure_Secure your APIs with WAF in AWS
0 likes65 views
The document discusses securing API endpoints using AWS WAF, highlighting prerequisites such as proper deployment and routing. It outlines common exploits like SQL injection, local file inclusion, and remote code execution, along with recommended resolutions for each. Additionally, while WAF helps mitigate various attacks by allowing the creation of security rules, it does not address business logic vulnerabilities and should not be the sole defense mechanism.
2022 APIsecure_Secure your APIs with WAF in AWS
- 1. How to secure API endpoints with WAF? Kuldeep Pisda, Backend-cum-SRE Goldcast Inc
- 2. Prerequisite The application should be deployed on AWS routed with proper Application Load Balancers, API Gateway, AWS AppSync or CloudFront.
- 4. SQL Injection SQL injection is a code injection technique that might destroy or leak your database.
- 5. user_id = request.body.POST.get(‘user’); sql_to_execute = "SELECT * FROM Users WHERE id = " + user_id;
- 6. SELECT * FROM Users WHERE id = 105 OR 1=1;
- 7. Resolution: Always prepare your SQL Queries before executing them.
- 8. LFI Attacks Local File Inclusion attacks are used by attackers to trick a web application into running or exposing files on a web server. If the attack is successful, it will expose sensitive information, and in severe cases, can lead to XSS and remote code execution.
- 10. Resolution: Configure server correctly, set proper permissions for www-data users and don’t allow ../ based file access.
- 11. RCE RCE vulnerabilities allow an attacker to execute arbitrary code on a remote device. An attacker can achieve RCE in a few different ways, including, Injection Attacks, Deserialization Attacks, Out-of-Bounds Write. Example: Log4j, ETERNALBLUE
- 12. Resolution: Input Sanitization, Secure Memory Management, Access Control.
- 14. WAF AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.
- 16. Rules ● Rate Based Rules ● Regular Rules ○ Origin ○ Request Components ■ Header ■ Query Param ■ URI Path ■ Body ■ Method WAF Rules & Actions Actions Allow Block Count Captcha
- 17. What WAF does not protect us from?
- 18. It does protect us from the known vulnerabilities but it can’t help us with the broken business logics.
- 19. WAF should not be the only means of defence.
- 20. Thanking You