

By Team Register, 7th October 2015 04:28

Now it's the security industry's turn to be burned by cloud

Amazon ignites Web Applications Firewall to char security chaff

Amazon has launched a web application firewall to help customers guard against common web exploits.

The web attic touts the service as a means to ink custom rules that block attack patterns like SQL injection and cross-site scripting, and as offering the ability to quickly deploy application rules.

Rules can be set based on IP address, HTTP headers and URI strings, and configured through the API or management console. The more rules set, the higher the cost.

Amazon Web Services man Jeff Barr offers a case study of how the WAF could work.

"[Attackers] could run through a list of common or default usernames and passwords, or they could attempt to exploit a known system, language, or application vulnerability perhaps powered by SQL injection or cross-site request forgery as the next step," Barr says.

"Like it or not, these illegitimate requests are going to be flowing in 24 by 7.

"Even if you keep your servers well-patched and do what you can to keep the attack surface as small as possible, there’s always room to add an additional layer of protection."

Amazon has slapped chicken feed service pricing on the WAF, asking for 60 cents per million hits, US$1 a rule, and $5 for each access control list.
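To make the rule dimensions and the pricing above concrete, here is an added example (not Amazon's code or API) that models an access control list whose rules match on IP address, HTTP headers and URI strings, and prices it at the rates quoted. The `Rule`, `evaluate` and `cost_usd` names, the first-match-wins ordering and the default action are assumptions of this simplified model.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                                          # "ALLOW" or "BLOCK"
    ip_cidrs: list = field(default_factory=list)         # source networks
    header_contains: dict = field(default_factory=dict)  # header name -> substring
    uri_contains: list = field(default_factory=list)     # URI substrings

    def matches(self, req):
        # A rule with no conditions matches nothing, so an empty rule cannot
        # silently allow or block all traffic.
        if not (self.ip_cidrs or self.header_contains or self.uri_contains):
            return False
        # Condition types that are set are ANDed; values within a type are ORed.
        if self.ip_cidrs:
            ip = ipaddress.ip_address(req["ip"])
            if not any(ip in ipaddress.ip_network(c) for c in self.ip_cidrs):
                return False
        if self.header_contains:
            hdrs = {k.lower(): v.lower() for k, v in req.get("headers", {}).items()}
            if not any(s.lower() in hdrs.get(h.lower(), "")
                       for h, s in self.header_contains.items()):
                return False
        if self.uri_contains:
            uri = req["uri"].lower()
            if not any(s.lower() in uri for s in self.uri_contains):
                return False
        return True

def evaluate(acl, req, default="ALLOW"):
    """Return (action, rule name) for the first matching rule, else the default."""
    for rule in acl:
        if rule.matches(req):
            return rule.action, rule.name
    return default, None

def cost_usd(acls, rules, hits):
    """Price from the article: $5 per ACL, $1 per rule, 60 cents per million hits."""
    return round(acls * 5.00 + rules * 1.00 + hits / 1_000_000 * 0.60, 2)

# Constructed sample ACL; addresses are documentation ranges (RFC 5737).
ACL = [
    Rule("deny-listed-network", "BLOCK", ip_cidrs=["203.0.113.0/24"]),
    Rule("admin-from-office", "ALLOW", ip_cidrs=["198.51.100.0/24"], uri_contains=["/admin"]),
    Rule("admin-elsewhere", "BLOCK", uri_contains=["/admin"]),
]
```

Rule order matters in this model: moving `admin-elsewhere` above `admin-from-office` would lock the office network out of `/admin` as well.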

Web application firewalls are a tool in the security defence chest and are no panacea. Security bods say the technology can often be bypassed, and some maintain that some offerings even introduce the vulnerabilities the platform seeks to mitigate. ®
