How to secure web application with AWS WAF and CloudWatch

By sergii-demianchuk
In Cyber Security, DevOps
4 Min Read
H

Udemy Coupon: CYBERSECURITYAPRIL – active 15.04.2024-20.04.2024;
in case coupons are already expired, please check that page regularly – new one will appear soon

ENROLL AT Cyber Security course

Hi, my name is Sergii and I am glad to represent my course “DevSecOps: How to secure web application with AWS WAF and CloudWatch”.

The course stars from creating a small API application, built with Python programming language and Flask framework. If you are not aware of current technologies, don’t worry, you should not. Believe me, the application is extremely simple, so anyone, even a child, can understand how it works. While creating according application I am concentrating at next essential aspects:

  • Custom exceptions
  • Logging

At current course section you will get clear explanations why it is so essential to have those both things at any application and how to make it properly, in order it would be helpful from a security defense perspective. The principles which I will show you are extremely simple and can be easily propagated at any existing web application. You will see the real power of properly done exceptions and logging at your own eyes when we will make real hacker’s attacks simulations at our application after deploying it at AWS cloud.

Generally speaking, deploying – it is 2nd essential part of course learning. Together we will deploy test Flask API application at AWS using Terraform. And again, if you have never used current technology, don’t worry. I will show you step by step, how to run according terraform scripts. At 1st we will prepare the AWS network, after that we will deploy AWS Application Load Balancer (ALB) with AWS Web Application Firewall( WAF), and finally, at the last step, we will deploy our application at EC2 using an auto scaling group.

Current pattern of deployment can be easily used by you at production as it is rather cost effective and almost a HA solution. Though as every solution it also has some limitations, which I will discover during Terraform lectures

At deployment section you will learn a lot about different AWS Services, that would be used for creating security defense mechanisms:

  • IAM policies and Security groups as restriction mechanisms to our resources
  • S3 as place for keeping our ALB and WAF logs
  • CloudWath as centralized log storage and alarm system
  • SNS – as mechanism for sending alarm notifications during security attacks detection
  • Route 53 and Certificate manager services

The deployed Falsk application and all AWS infrastructure around it would be intensively used as a lab environment for imitating different hacker’s attacks and providing a cyber security learning process. That will allow you to perform real practice training and try different security tools and tricks with your own hands. That is why, as for me, it is so essential to have it to be done.

The third section is devoted completely to the AWS Web Application Firewall (WAF) – you will learn:

  • What resources can we attach WAF at – ALB, APi gateway, CloudFront
  • How properly to configure it
  • Why correct configurationof AWS WAF is so time consuming process
  • How to set up AWS WAF managed rules and custom blocking policies
  • How to analyse WAF and ALB logs using Athena
  • Why WAF is not silver bullet that can’t protect web app against all possible threats

At current section I will also show you some examples of real attacks that were blocked by WAF, taken from my DevSecOps commercial experience, in order you could feel how powerful WAF is as a security defense tool

At 4th section we will discuss deeply AWS CloudWatch service, especially:

  • How to use our application logs as security detector
  • How to build custom CloudWatch filters
  • How to raise alerts in case web application is under the hacker’s attack
  • How you can be aware of attack even before WAF will detect it, or when WAF could not deal with the problem

In the 5th part we will speak about cyber threat analysis using Atena and Excel after a hacker’s attack. You will learn how to gather all required data using Athena and how to verify if the hacker’s actions had any success.

In the end of learning we will make a short summary of all passed practice DevSecOps materials, by creating effective security defense framework, that can be used at any cloud or even at on-premise solutions.

That’s all. See you at the 1st, where we will start to examine test api application. Hope to see you soon.

ENROLL AT Cyber Security course

About the author

sergii-demianchuk

Software engineer with over 18 year’s experience. Everyday stack: PHP, Python, Java, Javascript, Symfony, Flask, Spring, Vue, Docker, AWS Cloud, Machine Learning, Ansible, Terraform, Jenkins, MariaDB, MySQL, Mongo, Redis, ElasticSeach

Read more

architecture AWS cluster cyber-security devops devops-basics docker elasticsearch flask geo high availability java machine learning opensearch php programming languages python recommendation systems search systems spring boot symfony