English (UK)
In this workshop, you will use AWS WAF to build an effective set of controls around your web application and perform monitoring and analysis of traffic that is analyzed by your web ACL. Learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and cross-site scripting. Additionally, learn how to use AWS WAF for advanced protections such as Bot mitigation and JSON inspection. You will also learn how to use WAF logging, query logs with Amazon Athena, and build near real-time dashboards to analyze requests inspected by AWS WAF.
Agenda
Evaluate
▪ Workshop Architecture
▪ Manual Scanning of the Website
▪ Automated Scanning of the Website
Remediate
▪ AWS Managed Rules for Foundational Protection
▪ Protect a Path with a Custom Rule
▪ Bot Detection with AWS WAF Bot Control
▪ Block Bad Bots with Custom Rules
▪ Rate Limit Bot Traffic and Custom Responses
▪ API Protection and JSON Parsing
Monitor
▪ Investigate AWS WAF Log Data
▪ Block Mystery Test
▪ Redact Sensitive Data from AWS WAF Logs
▪ Insert Custom HTTP Request Header
Optional
▪ (Optional) Create a CloudWatch Alarm for an AWS WAF Metric
▪ (Optional) Review the WAF Bot Dashboard
▪ (Optional) Protect a Web Form Using CAPTCHA
This is an on-site workshop, we will provide preconfigured AWS accounts – you need to bring your own laptop.
Upon registration, it’s essential to participate in the event since we’ll be preparing AWS accounts beforehand. Additionally, kindly notify us if you’re unable to attend after registering. Your cooperation is appreciated.
The moderators of the workshop will be Lucian Pătian (Haufe.Group) & Andra Someșan (AWS Romania).
