Protecting Web Applications Using AWS WAF

Web applications are a common target for cyberattacks due to the valuable data they often handle. Because of this threat from cyberattackers, many current compliance standards include special requirements for web application security. Following those standards helps in building trust with the consumers, which is vital for growth. AWS has many services which can be used to host web applications. You can protect these applications from external threats using the AWS Web Application Firewall (WAF).

In this Cloud Lab, you’ll learn how to use AWS WAF to secure your web applications. You’ll start by creating an EC2 instance along with the required infrastructure and hosting an insecure web application on that instance. After that, you’ll create an Application Load Balancer and specify your EC2 instance as the target for that load balancer. You’ll then associate AWS WAF with the load balancer by creating a web ACL. Once all this infrastructure is set up, you’ll check the SQL vulnerability of your app by injecting it with an SQL injection to log in to an account without valid credentials. To protect your app from such attacks, you’ll then create a WAF rule to counter these attacks. After that, you’ll perform an XSS injection and then use AWS WAF to secure your application from such an attack.

With the hands-on experience gained during this Cloud Lab, you’ll be able to effectively configure AWS WAF to protect against common threats such as SQL injection, cross-site scripting (XSS), and other malicious activities.

A high-level architecture diagram for this Cloud Lab is given below: