Securing Web Applications Against External Attacks
Question
A web application is deployed behind ELB on an EC2 instance.
Any attacks on this application will result in a huge financial loss.
You need to have a customized solution to secure this web application.
A set of blacklisted IP addresses & malicious SQL code to be blocked is regularly shared by the Security Team to secure web applications.
A highly skilled workforce is working to monitor traffic & apply this filter to block attacks immediately.
Which of the following solution can be used to make web applications secure against external attacks?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - C.
AWS WAF can be used as a customized solution to block attacks.
With AWS WAF, the following conditions can be used to deny traffic to web applications.
· Cross-Site Scripting.
· IP Address.
· Length of request.
· SQL injection.
· Geographic Match.
· String Match.
AWS Shield is a managed solution for additional protection against DDOS attacks.
Options A & B are incorrect as AWS Shield is managed solution wherein AWS applies all security filters.
In the above case, the customer is looking for a customized solution.
So AWS WAF is a better option.
Option D is incorrect as all attacks need to be blocked instantaneously.
The regular rule needs to be applied.
A rate-based rule will block any attacks only after it passes threshold values in a specified period.
For more information on AWS WAF, refer to the following URL-
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.htmlTo secure the web application from external attacks, AWS offers different services and solutions to provide robust protection against malicious traffic. Based on the given scenario, a customized solution is required to secure the web application by blocking blacklisted IP addresses and malicious SQL code. Additionally, a highly skilled workforce is monitoring the traffic to apply this filter immediately.
AWS Shield Standard and AWS Shield Advanced are AWS's managed DDoS protection services, which are designed to protect web applications from DDoS attacks. These services help to minimize the application downtime, mitigate the impact of DDoS attacks, and ensure the availability of the application. However, neither Shield Standard nor Shield Advanced provides the required capability to block blacklisted IP addresses and malicious SQL code as described in the scenario. Therefore, options A and B are not the correct answers.
AWS WAF (Web Application Firewall) is a web application firewall that provides real-time protection against web-based attacks, including SQL injection, cross-site scripting, and more. AWS WAF is a powerful solution that enables customers to create custom security rules to block or allow traffic based on the specific requirements of their web applications. Based on the scenario, AWS WAF is the most suitable solution to secure the web application by blocking blacklisted IP addresses and malicious SQL code.
AWS WAF allows customers to create rules that can deny access based on IP addresses, HTTP headers, or URI strings. AWS WAF offers two types of rules: regular rules and rate-based rules. Regular rules allow blocking requests based on the matching conditions, whereas rate-based rules allow blocking requests based on the request rate. Based on the scenario, the appropriate rule to use is a regular rule that denies IP addresses and SQL attacks. Therefore, option C is not the correct answer. The correct answer is D, "Use AWS WAF to create a rate-based rule to deny IP address & SQL attacks on the application."
In conclusion, the most suitable solution for the given scenario is to use AWS WAF to create a rate-based rule to deny IP address & SQL attacks on the application.
