Setting up WAF on API gateways

comp9447-team4 / soar

The main repository for comp9447-team4

3 stars 0 forks source link

Setting up WAF on API gateways #56

Closed txtchirag closed 3 years ago

txtchirag commented 3 years ago

Threats:

rate-based attacks on API requests

Remediation: WAF rate-limiter defaults:100/5min window block source IP

https://github.com/comp9447-team4/soar/tree/chirag_20201013/services/WAF

txtchirag commented 3 years ago

Note: stack removed due to cost consideration. https://aws.amazon.com/waf/pricing/

Next steps:

test scripts only include rate-limiter add below test features
- cross-site scripting
- sql injection
- Activate Scanner and Probe Protection | AWS Lambda log parser
- add IP blacklist/whitelist
Deploy using SAM

txtchirag commented 3 years ago

Current WAF features(not tested fully) rate-limitter cross-site scripting sql injection Activate Scanner and Probe Protection | AWS Lambda log parser add IP blacklist/whitelist

once cloudfront is available can set up the above for cloudfront. Currently only enabled for mysfits API-Gateways

stev3bb commented 3 years ago

Hi Chirag, I am going break the Cloud front part to another card.

mrJTY commented 3 years ago

Hey @txtchirag good work on creating this. Would you be able to record a quick demo video of what you did?

Around a 2min video describing what threat you are trying to product against and how your solution mediates it. I suggest to upload it to Youtube.

We can use it for our presentation.

mrJTY commented 3 years ago

@txtchirag See task :point_right: https://github.com/orgs/comp9447-team4/projects/1#card-48441211