This website is a technology demonstrator for Web Application Firewall (WAF) filtering using the AWS WAF service. For more details, please review the AWS whitepaper: Use AWS WAF to Mitigate OWASP's Top 10 Web Application Vulnerabilities.
The rules illustrated here are based on the AWS CloudFormation template included in the whitepaper. Note that the template is designed as a starting point for you to build upon, not as a production-ready, comprehensive set of rules.
| OWASP | Rule | Description |
|---|---|---|
| A1 | SQL Injection (SQLi) Mitigation | Blocks an attempted SQL injection request directed at your server-side scripts. |
| A2 | Block Compromised Authorization Tokens | Blocks attempts to reuse compromised authorization tokens, such as session IDs, JWT tokens, etc. |
| A3 | Cross-Site Scripting (XSS) Mitigation | Blocks attempts to perform a reflected cross-site scripting (XSS) attack. |
| A4 | Mitigate Path Traversal, Local or Remote File Inclusion | Blocks attempts to perform a path traversal attack, or to include local or remote files in the response stream. |
| A4 | Privileged Module Access Restriction | Restricts access to privileged application modules to known sources of traffic. |
| A5 | PHP Misconfiguration Mitigation | Mitigates server-side security misconfiguration enabling file injection, path traversal or other data leaks. |
| A7 | Enforce Request Hygiene | Restricts the size of HTTP request components to values that make sense for your application. |
| A7 | Bot and Scraper Trapping | Blocks all subsequent requests to this website from a client that has scraped a URL that was specifically disallowed. |
| A8 | Enforce the Presence of CSRF Tokens | Ensures the HTTP request includes the required attributes and headers. |
| A9 | Server-Side Includes Protection | Restricts public access to objects in the web root that are used for server-side include purposes. |
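The following is an added, simplified model of how several of the rule families in the table (request hygiene, bot trapping, path traversal, privileged module restriction, CSRF token presence and SSI protection) can be evaluated as an ordered rule set with first-match semantics. It is example code written for this page, not AWS WAF's engine and not the whitepaper's CloudFormation template; the `Request` class, the `Firewall` class, the size thresholds, the `/trap-do-not-visit/` honeypot path, the `/admin/` prefix, the `x-csrf-token` header and the SSI suffixes are all assumptions chosen for the illustration. Sample requests are constructed inline.

```python
"""Simplified, illustrative rule evaluation in the spirit of the table above.
Added example; not AWS WAF's implementation or the whitepaper's template.
Every threshold, path and header name below is an assumption."""
from dataclasses import dataclass, field
from urllib.parse import unquote


@dataclass
class Request:
    """Constructed request model; header names are assumed lower-case."""
    method: str
    uri: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    body: bytes = b""
    source_ip: str = "198.51.100.7"   # RFC 5737 documentation address


# Enforce Request Hygiene: per-component size limits (assumed values).
MAX_URI, MAX_QUERY, MAX_BODY, MAX_COOKIE = 512, 1024, 4096, 4096
# Bot and Scraper Trapping: a path robots.txt would disallow (assumed name).
TRAP_PATH = "/trap-do-not-visit/"
# Privileged Module Access Restriction (assumed prefix and allow-list).
ADMIN_PREFIX = "/admin/"
ADMIN_ALLOWED_SOURCES = {"192.0.2.10"}
# Enforce the presence of CSRF tokens (assumed header name and methods).
CSRF_METHODS = {"POST", "PUT", "DELETE"}
CSRF_HEADER = "x-csrf-token"
# Server-Side Includes Protection (assumed suffixes of include objects).
SSI_SUFFIXES = (".inc", ".shtml")


def decode_twice(value: str) -> str:
    """Percent-decode twice so a double-encoded '../' is inspected as well."""
    return unquote(unquote(value))


class Firewall:
    def __init__(self):
        self.trapped_ips = set()   # sources that have hit the honeypot

    def evaluate(self, req: Request):
        """Return ("BLOCK", rule) for the first matching rule, else ("ALLOW", None)."""
        # Bot and Scraper Trapping: once trapped, every later request is blocked.
        if req.source_ip in self.trapped_ips:
            return "BLOCK", "bot-trapped"
        if req.uri.startswith(TRAP_PATH):
            self.trapped_ips.add(req.source_ip)
            return "BLOCK", "bot-trap-hit"
        # Enforce Request Hygiene: oversized components are rejected early.
        cookie = req.headers.get("cookie", "")
        if (len(req.uri) > MAX_URI or len(req.query) > MAX_QUERY
                or len(req.body) > MAX_BODY or len(cookie) > MAX_COOKIE):
            return "BLOCK", "request-size"
        # Path traversal: inspect the decoded URI and query string.
        decoded = decode_twice(req.uri) + "?" + decode_twice(req.query)
        if "../" in decoded or "..\\" in decoded:
            return "BLOCK", "path-traversal"
        # Privileged Module Access Restriction: admin area only from known sources.
        if req.uri.startswith(ADMIN_PREFIX) and req.source_ip not in ADMIN_ALLOWED_SOURCES:
            return "BLOCK", "admin-source"
        # Enforce the presence of CSRF tokens on state-changing methods.
        if req.method in CSRF_METHODS and CSRF_HEADER not in req.headers:
            return "BLOCK", "csrf-token-missing"
        # Server-Side Includes Protection: include objects are not public.
        if req.uri.lower().endswith(SSI_SUFFIXES):
            return "BLOCK", "ssi-object"
        return "ALLOW", None


if __name__ == "__main__":
    fw = Firewall()
    samples = [
        Request("GET", "/index.html"),
        Request("GET", "/trap-do-not-visit/page"),
        Request("GET", "/index.html"),                      # same source, now trapped
        Request("POST", "/form", source_ip="203.0.113.5"),  # no CSRF header
    ]
    for s in samples:
        print(s.method, s.uri, s.source_ip, "->", fw.evaluate(s))
```

Rule order matters: the size checks run before any content inspection so that an oversized body is never decoded, and the honeypot check runs first so a trapped source is rejected regardless of what it asks for. A real deployment keeps the trapped-source set in the WAF's IP set rather than in process memory.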
| Action | Country | Source IP | Method | HTTP Ver | URI |
|---|---|---|---|---|---|
| No samples in the reporting period | | | | | |