Search the Community
Showing results for tags 'waf'.
-
The perceptions of the API security market have really shifted since we started Impart Security three years ago. When we first started Impart, API security was a new market; there were many different opinions about what API security was, how to approach the problem, and what good API security looked like. I remember back in 2020, although most security teams I spoke with thought of API security as a critical part of their security program, those same teams also had very different views of what specific problems and urgent pain points needed to be addressed. In this post I’ll unpack the current state of the API security market, where it’s going, and how security teams should be implementing it with API-first runtime protection. The post Is API Security Just a Better WAF? | Impart Security appeared first on Security Boulevard. View the full article
-
AWS WAF Captcha is now available for all customers. AWS WAF Captcha helps block unwanted bot traffic by requiring users to successfully complete challenges before their web request are allowed to reach AWS WAF protected resources. You can configure AWS WAF rules to require WAF Captcha challenges to be solved for specific resources that are frequently targeted by bots such as login, search, and form submissions. You can also require WAF Captcha challenges for suspicious requests based on the rate, attributes, or labels generated from AWS Managed Rules, such as AWS WAF Bot Control or the Amazon IP Reputation list. WAF Captcha challenges are simple for humans while remaining effective against bots. WAF Captcha includes an audio version and is designed to meet WCAG accessibility requirements. View the full article
-
AWS WAF now supports evaluating multiple headers in the HTTP request, without the need to specify each header individually in AWS WAF rules. You can also use this new capability to easily inspect all cookies in the HTTP request, without the need to specify each cookie in WAF rules. This capability helps you protect your applications or API endpoints from attacks that try to exploit a custom header or cookie, or a common header for which you may not have created a WAF rule. You can also limit the scope of inspection to only included or excluded headers, and inspect only the keys or only the values for the headers or cookies you want to inspect. View the full article
-
We’re excited to announce the launch of the AWS Centralized WAF and VPC Security Group Management solution, a reference implementation that makes it easier to centrally configure, manage, and audit firewall rules across your accounts and applications in AWS Organizations. The solution uses AWS Firewall Manager to automatically deploy a set of Managed Rules for AWS Web Application Firewall (WAF) and audit checks for VPC security groups across all your AWS accounts from a single place. The solution also gives Shield Advanced customers the option to deploy DDoS protections across accounts. View the full article
-
AWS WAF can now natively parse request body JSON content, allowing you to inspect specific keys or values of the JSON content with AWS WAF rules. This capability helps you protect your APIs by checking for valid JSON structure, inspecting the JSON content for common threats against your application, and reducing false positives by inspecting only the keys or values in the JSON content. View the full article
-
AWS Transfer Family customers using Amazon API Gateway to integrate their own identity management systems to authenticate end users can now use AWS Web Application Firewall (WAF) to easily apply additional layers of access controls. You can also protect your file transfer endpoints against exploits such as bots and port scanners. View the full article
- 1 reply
-
- aws
- transfer family
-
(and 1 more)
Tagged with:
-
Forum Statistics
67.4k
Total Topics65.3k
Total Posts