A popular blogging site is using AWS Cloud infrastructure for deploying its blogging site.
An AWS ALB is used for handling all its front-end user requests, which are served by a fleet of Amazon EC2 instances.
Last week there was an incident when some users added malicious code which impacted the whole blogging site.
As an AWS Consultant, the security team from this site is looking for your recommendation to avoid such incidents again in the future.
Which of the following recommendations can prevent such risk?
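A. Use AWS WAF SQL match condition to protect the blogging site.
B. Use AWS WAF IP address match condition to protect the blogging site.
C. Use AWS WAF Cross-site scripting match condition to protect the blogging site.
D. Use AWS WAF String match condition to protect the blogging site.
Correct Answer - C.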
AWS WAF can be used with AWS ALB to protect web applications from common attacks.
With AWS WAF, the following conditions can be used to deny traffic to web applications:
· Cross-Site Scripting.
· IP Address.
· Length of request.
· SQL injection.
· Geographic Match.
· String Match.
In the above case, malicious code uploaded by users can be detected by the Cross-Site Scripting rule with AWS WAF on AWS ELB.
Option A is incorrect as this condition will match only malicious SQL code in the request.
Option B is incorrect as the AWS WAF IP address match condition blocks a pool of IP addresses; it won't be effective if the source IP address from which users access the site changes constantly.
Option D is incorrect as this condition matches a specified string in the request; it won't be effective for requests containing a string other than the one specified.
For more information on using AWS WAF for Web Application Security, refer to the following URL.
https://d0.awsstatic.com/whitepapers/Security/aws-waf-owasp.pdf
In this scenario, the blogging site is using AWS Cloud infrastructure to deploy its website. An AWS ALB is being used to handle all the front-end user requests, which are being served by a fleet of Amazon EC2 instances. Recently, the site experienced an incident where malicious code was added by some users, which impacted the entire blogging site. As an AWS consultant, the security team is looking for recommendations to avoid such incidents in the future.
To prevent such incidents, we need to identify the root cause of the problem. In this case, the issue is caused by malicious code that was added to the website. This is a classic example of a web application security issue. Web application security issues can be prevented by using a Web Application Firewall (WAF).
AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF includes a set of predefined rules that can be customized based on specific application requirements.
AWS WAF supports several types of matching conditions to filter and block web requests based on specific criteria. The four options presented in the question are examples of the types of matching conditions that can be used to protect a website.
Option A: Use AWS WAF SQL match condition to protect the blogging site. This option is useful for protecting the site against SQL injection attacks. SQL injection is a web application security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to access or modify sensitive data.
Option B: Use AWS WAF IP address match condition to protect the blogging site. This option is useful for blocking requests from specific IP addresses or IP address ranges. This can help prevent attacks from known malicious IP addresses.
Option C: Use AWS WAF Cross-site scripting match condition to protect the blogging site. This option is useful for protecting the site against cross-site scripting (XSS) attacks. XSS is a web application vulnerability that allows an attacker to inject client-side scripts into web pages viewed by other users. This can allow an attacker to steal sensitive information, such as cookies or session tokens, from other users.
Option D: Use AWS WAF String match condition to protect the blogging site. This option is useful for blocking requests that contain specific strings. This can help prevent attacks that use specific known strings in their attack payload.
Out of the given options, the most appropriate option for preventing the type of incident described in the scenario would be option C: Use AWS WAF Cross-site scripting match condition to protect the blogging site. This is because the incident described in the scenario is caused by users adding malicious code to the website, which is a classic example of a cross-site scripting (XSS) attack. By using the AWS WAF Cross-site scripting match condition, the site can be protected against future XSS attacks.
It is important to note that using a single AWS WAF match condition may not provide complete protection against all types of web application attacks. It is recommended to use a combination of different AWS WAF match conditions, as well as other security measures, to ensure comprehensive protection of the website.
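The recommendation in option C, written as a CloudFormation template in the current AWS WAF (WAFv2) resource model, where a cross-site scripting match condition is expressed as an `XssMatchStatement` and the web ACL is associated with the ALB. This is an added example, not part of the original question; the resource names, rule name, metric names and the `AlbArn` parameter are assumptions.

```yaml
# Added example: BlogWebACL, block-xss, the metric names and AlbArn are assumed names.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlbArn:
    Type: String              # ARN of the existing ALB in front of the EC2 fleet
Resources:
  BlogWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: blog-web-acl
      Scope: REGIONAL         # REGIONAL is the scope used for load balancers
      DefaultAction:
        Allow: {}             # everything not matched by a rule is allowed
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: blog-web-acl
      Rules:
        - Name: block-xss
          Priority: 0
          Action:
            Block: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: block-xss
          Statement:
            OrStatement:      # match if either the body or the query string matches
              Statements:
                - XssMatchStatement:
                    FieldToMatch:
                      Body:
                        # Only the first 8 KB of a body is inspected on an ALB;
                        # CONTINUE inspects that part and ignores the rest.
                        OversizeHandling: CONTINUE
                    TextTransformations:   # decode before matching
                      - { Priority: 0, Type: URL_DECODE }
                      - { Priority: 1, Type: HTML_ENTITY_DECODE }
                - XssMatchStatement:
                    FieldToMatch:
                      QueryString: {}
                    TextTransformations:
                      - { Priority: 0, Type: URL_DECODE }
                      - { Priority: 1, Type: HTML_ENTITY_DECODE }
  BlogWebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt BlogWebACL.Arn
```

Running the rule with `Count: {}` in place of `Block: {}` first shows, through the sampled requests and the CloudWatch metric, whether legitimate posts containing HTML would be blocked.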