| Track: | |
|---|---|
| When: | Wed AM-1 |
| Where: | Portland |
| Organizers | Giorgio Bonfiglio Giorgio Bonfiglio |
| Participants | Andrew Johnstone Andrew Johnstone , Vladimir Voskresenskiy Vladimir Voskresenskiy , Jaimen Lathia Jaimen Lathia , Orid Ahmed Orid Ahmed , Felipe Zipitria Felipe Zipitria |
WHY
Implementing a WAF can be tricky: we are used to pre-packaged solutions, which come with a lot of false positives. In this hands-on session we’ll use a different approach and work on some automations to dynamically create rules to protect your applications.
What
Based on the AWS Security Automations packaged solution, we’ll explore differet mechanisms and tricks to protect our services from some common, and many uncommon types of attacks.
Outcomes
You will hopefully learn the basics and some pro tips to go ahead and integrate WAF in your existing environment.
References
AWS WAF: https://aws.amazon.com/waf/ AWS Shield: https://aws.amazon.com/shield/
WAF Security Automations: https://aws.amazon.com/answers/security/aws-waf-security-automations/ Security Automations Implementation Guide: https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/latest/aws-waf-security-automations.pdf
AWS Summit Talk: http://london-summit-slides-2017.s3.amazonaws.com/Advanced%20Techniques%20for%20DDoS%20Mitigation%20and%20Web%20Application%20Defense.pdf