Protecting web applications from common web vulnerabilities, bots, and scrapers workshop
In the lab several AWS resources will be created and will bill the account the lab is provisioned in. Please be sure to delete the CloudFormation stack and remove any resources created when you have completed the exercise to avoid any unwanted charges.
The CloudFormation template will create EC2 instances, NAT Gateways, an ALB, a WAF, Lambda functions, an API Gateway, S3 buckets, a Kinesis Firehose delivery stream, an RDS database, a Glue data catalog, and an Elasticsearch cluster. The items created via the CloudFormation template should be removed when you delete the CloudFormation stack. Any manual steps you take during the lab, in the AWS console or via the AWS CLI, will need to be cleaned up separately. At the end of each lab there will be instructions on how to clean up the manual steps performed. If you have performed any additional steps on your own, be sure to clean those up as well.
In the labs you will get familiar with AWS WAF and how you can use it to protect a web application.
In Lab 1 you will perform some common web application attacks, and then you will implement AWS WAF to protect your application from these exposures without the need to update any web application code.
In Lab 2 you will use additional tools to create automations which dynamically add AWS WAF protections against more advanced attacks.
- You will need to have the Microsoft Remote Desktop client installed on your local machine. It is preinstalled on Windows systems. If you are using macOS you can install it from the Apple App Store for free, but it does require an Apple account to install. On Linux you can use rdesktop. For more information, see the AWS documentation on all the prerequisites.
- When deploying the CloudFormation template you can sometimes receive an error message while it is provisioning the AWS WAF. If this occurs you will need to delete the CloudFormation stack and relaunch it. This is a timing-related issue which should be resolved in CloudFormation in the future.
Links you may find useful for additional information about AWS WAF automation:
- AWS WAF information page
- AWS WAF Security Automation Solution
- Blocking IP Addresses that Submit Bad Requests
- Using bad actor IP blacklists to prevent web attacks
- AWS Firewall Manager information page
- How to analyze AWS WAF logs using Amazon Elasticsearch Service
- How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts