Protecting Web Applications Using AWS WAF


CLOUD LABS

In this Cloud Lab, we’ll learn to secure our web applications from common exploits and attacks using the AWS Web Application Firewall.

10 Tasks

intermediate

2hr

Certificate of Completion

Desktop Only
No Setup Required
Amazon Web Services

Learning Objectives

A solid understanding of AWS WAF
The ability to secure your applications from SQL injection attacks using AWS WAF
The capability to use AWS WAF to protect your applications from XSS attacks
Hands-on experience in building custom rules for AWS WAF

Technologies

AWS
WAF
EC2
ALB

Skills Covered

Using AWS Cloud Services

Cloud Lab Overview

Web applications are a common target for cyberattacks because of the valuable data they often handle. Because of this threat, many current compliance standards include specific requirements for web application security. Following those standards helps build trust with consumers, which is vital for growth. AWS has many services that can be used to host web applications. You can protect these applications from external threats using the AWS Web Application Firewall (WAF).

In this Cloud Lab, you’ll learn how to use AWS WAF to secure your web applications. You’ll start by creating an EC2 instance along with the required infrastructure and hosting an insecure web application on that instance. After that, you’ll create an Application Load Balancer and specify your EC2 instance as the target for that load balancer. You’ll then associate AWS WAF with the load balancer by creating a web ACL. Once all this infrastructure is set up, you’ll test your app for SQL injection by injecting SQL to log in to an account without valid credentials. You’ll then create a WAF rule to protect your app from such attacks. After that, you’ll perform an XSS injection and then use AWS WAF to secure your application against that attack as well.

With the hands-on experience gained during this Cloud Lab, you’ll be able to effectively configure AWS WAF to protect against common threats such as SQL injection, cross-site scripting (XSS), and other malicious activities.

A high-level architecture diagram for this Cloud Lab is given below:

Architecture diagram

Cloud Lab Tasks

1. Introduction
   Getting Started
2. Set Up the Application
   Host the Application on an EC2 Instance
   Attach Application Load Balancer with the EC2 Instance
3. Protect the Application Using AWS WAF
   Create a Web ACL
   Inject SQL in the App
   Protect against SQL Injection
   Inject XSS in the App
   Protect against XSS Injection
4. Conclusion
   Clean Up
   Wrap Up

Labs Rules Apply

Stay within resource usage requirements.
Do not engage in cryptocurrency mining.
Do not engage in or encourage activity that is illegal.
