AWS CloudFront - Protecting Against SQL Injection and Cross-site Scripting Attacks

Protecting Your Website with AWS CloudFront

Question

You have a website that is sitting behind AWS CloudFront.

You need to protect the website against threats such as SQL injection and cross-site scripting attacks.

Which of the following services can help in such a scenario?

Answers

Explanations

A. AWS Trusted Advisor
B. AWS WAF
C. AWS Inspector
D. AWS Config

Answer: B.

Option A is incorrect because AWS Trusted Advisor advises on how you can improve the security of your AWS account, but does not protect against threats such as the SQL injection and cross-site scripting mentioned in the question.

Option B is CORRECT because AWS WAF allows you to create rules that can help to protect against common web exploits like SQL injection and cross-site scripting.

Option C is incorrect because AWS Inspector can be used to scan EC2 instances for vulnerabilities, but it does not protect against threats such as the SQL injection and cross-site scripting mentioned in the question.

Option D is incorrect because AWS Config can be used to check configuration changes on your AWS account, but it does not protect against threats.

For more information on AWS WAF, please visit the following URL:

https://aws.amazon.com/waf/details/

The correct answer is B. AWS WAF (Web Application Firewall).

Explanation:

AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF can be deployed on Amazon CloudFront or on an Application Load Balancer to provide an additional layer of security to your web applications.

SQL injection and cross-site scripting (XSS) attacks are two common web application attacks that can be mitigated by using AWS WAF. AWS WAF can be configured to inspect incoming web requests and block those that contain malicious content or patterns that match predefined rules.
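The following CloudFormation fragment is an added example, not part of the original page: a WAFv2 web ACL scoped to CloudFront that uses the AWS managed SQL injection rule group and a custom XSS match rule on the query string. The resource, rule and metric names are hypothetical.

```yaml
# Added example: CloudFormation for a WAFv2 web ACL (names are hypothetical).
# CLOUDFRONT-scoped web ACLs must be created in us-east-1.
Resources:
  SiteWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-site-acl
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {}                      # pass any request that no rule blocks
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: exampleSiteAcl
      Rules:
        - Name: aws-managed-sqli
          Priority: 0
          OverrideAction:
            None: {}                   # keep the rule group's own block actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: awsManagedSqli
        - Name: block-xss-query-string
          Priority: 1
          Action:
            Block: {}
          Statement:
            XssMatchStatement:
              FieldToMatch:
                QueryString: {}
              TextTransformations:     # decode first so encoded input is still matched
                - Priority: 0
                  Type: URL_DECODE
                - Priority: 1
                  Type: HTML_ENTITY_DECODE
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: blockXssQueryString
```

To put the ACL in front of the site, set the CloudFront distribution's `WebACLId` to the web ACL's ARN. Setting `OverrideAction` to `Count: {}` on the managed group lets you review matches in the sampled requests before enforcing blocks.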

AWS Trusted Advisor, AWS Inspector, and AWS Config are not directly related to protecting web applications from SQL injection and XSS attacks.

AWS Trusted Advisor provides best practices and recommendations for optimizing AWS resources, enhancing security, and improving performance.

AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

AWS Config is a service that provides a detailed inventory of AWS resources, including their configuration history, and can be used to monitor changes to resources and compliance with security policies.

Therefore, the correct answer to protect the website against threats such as SQL injection and cross-site scripting attacks is AWS WAF.