Posted On: Jul 6, 2017
Today, AWS WAF released a new security whitepaper: Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities. This whitepaper describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to match patterns of exploitation attempts in HTTP/S requests and block requests from reaching your web servers. This whitepaper discusses manifestations of these security vulnerabilities, AWS WAF–based mitigation strategies, and other AWS services or solutions that can help address these threats.
For easy deployment we have prepared an AWS CloudFormation template that contains a web ACL and the rules recommended in this document. You can use the template to provision these resources with just a few clicks (full API support is also available). Note that the template is designed as a starting point for you to build upon and not as a production-ready, comprehensive set of rules.
The template is available at: https://s3.us-east-2.amazonaws.com/awswaf-owasp/owasp_10_base.yml
If you would like to learn more about the topics discussed in this new white paper, please plan to attend our upcoming webinar, Secure Your Applications with AWS Web Application Firewall (WAF) and AWS Shield.
Updated September 2020: Note that the above CloudFormation template will only work in commercial regions that supports WAF.