© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Dean Samuels
Manager, Solutions Architecture
Hong Kong & Taiwan
19th January 2016
Security Automation Using AWS WAF:
Spend Less Time Securing Your Applications
5 automation strategies
1. Provisioning WAF
2. Deploying WAF
3. Importing rules
4. Automated incident response
5. Learning-based protections
What to expect from this session
Introduction to AWS WAF
AWS WAF 101
AWS WAF security automation strategies
Demo and getting started
What is AWS WAF
AWS WAF 101
What is AWS WAF
Why AWS WAF?
Application vulnerabilities
Good users
Bad guys
Web server
Database
Exploit code
AWS WAF
Why AWS WAF?
Content abuse: Bots and scrapers
Good users
Bad guys
Web server
Database
AWS WAF
Why AWS WAF?
Application DDOS
Good users
Bad guys
Web server
Database
AWS WAF
AWS WAF: Rules in action
Monitor security events
AWS WAF: Integrated with AWS
Amazon CloudFront
Global content delivery network to accelerate websites, API, video content, and other web assets
Application Load Balancer
Load balancer with advanced request routing, and support for microservices and container-based applications
Announcing today..
Why security automation
Spend less time securing your applications
Instead, focus on building applications
We built a WAF that has…
Customizable and flexible rules
APIs: Integration with DevOps
…allowing several WAF automation strategies
Quick rule update
AWS WAF security automation strategies
Provisioning WAF
Configuring rules
Importing rules
Automated incident response
Learning-based protections
… to spend less time securing applications
Provisioning AWS WAF
Step 1 – Create web ACL
Step 2 – Add rule
Rule 1: Whitelist [ALLOW]
Rule 2: Blacklist [BLOCK]
Rule 3: Common protection [BLOCK]
Step 3 – Add condition
IP whitelist
IP blacklist
SQL injection
URL match
Step 4 – Associate
Amazon CloudFront
ALB
Provisioning AWS WAF: Reuse
IP whitelist
internal IP
SQL injection
URL match
Rule 1: Whitelist [ALLOW]
IP blacklist
known bad
Rule 2: Blacklist [BLOCK]
Rule 3: Common protection #1 [BLOCK]
Web ACL #1
ALB 1
(dev env)
Rule 4: Common protection #2 [BLOCK]
XSS match
Web ACL #2
ALB 2 (prod env)
Spend less time by reusing WAF rules
ALB 3
(new app)
Provisioning AWS WAF
Quickly fix vulnerabilities
Example: {CVE-2016-538}
• Server-side web applications that utilize the HTTP_Proxy header as an environment variable
• Attacker could intercept connections between a client and server.
Quick solution:
Use AWS WAF to configure a rule to detect and block web requests that contain a proxy header.
Provisioning AWS WAF
IP whitelist
internal IP
SQL injection
URL match
Rule 1: Whitelist [ALLOW]
IP blacklist
known bad
Rule 2: Blacklist [BLOCK]
Rule 3: Common protection #1 [BLOCK]
Web ACL #1
ALB 1
(dev env)
Rule 4: Common protection #2 [BLOCK]
XSS match
Web ACL #2
ALB 2 (prod env)
Spend less time by reusing WAF rules
ALB 3
(new app)
Rule 5: CVE-2016-538 [BLOCK] Header match
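How rule order affects the Rule 5 quick fix, as an added example that is not from the original slides: a simplified Python model of first-match web ACL evaluation. The IP ranges, request dictionaries, helper names and the default ALLOW action are assumptions, and Rules 3 and 4 are left out. AWS WAF stops at the first rule that matches, so a whitelisted address that sends a Proxy header is allowed by Rule 1 unless the header rule is evaluated first.

```python
"""Simplified model of first-match web ACL evaluation (added example)."""
import ipaddress

# Constructed sample data: documentation address ranges, not real lists.
INTERNAL_IPS = [ipaddress.ip_network("192.0.2.0/24")]
KNOWN_BAD_IPS = [ipaddress.ip_network("203.0.113.0/24")]


def ip_in(networks):
    """Condition: the client address falls inside one of the networks."""
    def condition(request):
        address = ipaddress.ip_address(request["ip"])
        return any(address in network for network in networks)
    return condition


def has_header(name):
    """Condition: the request carries the named header (case-insensitive)."""
    def condition(request):
        return any(key.lower() == name for key in request["headers"])
    return condition


def evaluate(rules, request, default="ALLOW"):
    """Return (action, rule name) for the first rule whose conditions all match."""
    for name, action, conditions in rules:
        if all(condition(request) for condition in conditions):
            return action, name
    return default, "default"


WHITELIST = ("Rule 1: Whitelist", "ALLOW", [ip_in(INTERNAL_IPS)])
BLACKLIST = ("Rule 2: Blacklist", "BLOCK", [ip_in(KNOWN_BAD_IPS)])
PROXY_HEADER = ("Rule 5: CVE-2016-538", "BLOCK", [has_header("proxy")])

# Order as drawn on the slide, and a variant with the header rule first.
ACL_AS_ON_SLIDE = [WHITELIST, BLACKLIST, PROXY_HEADER]
ACL_HEADER_FIRST = [PROXY_HEADER, WHITELIST, BLACKLIST]

# Constructed requests.
EXTERNAL_WITH_PROXY = {"ip": "198.51.100.7", "headers": {"Proxy": "constructed-value"}}
INTERNAL_WITH_PROXY = {"ip": "192.0.2.15", "headers": {"proxy": "constructed-value"}}
CLEAN_EXTERNAL = {"ip": "198.51.100.8", "headers": {"Host": "app.example"}}

if __name__ == "__main__":
    for label, acl in (("slide order", ACL_AS_ON_SLIDE), ("header first", ACL_HEADER_FIRST)):
        for request in (EXTERNAL_WITH_PROXY, INTERNAL_WITH_PROXY, CLEAN_EXTERNAL):
            print(label, request["ip"], evaluate(acl, request))
```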
Configuring AWS WAF rules
Preconfigured AWS CloudFormation templates for common protection
CloudFormation template
AWS WAF Configuration
Configuring AWS WAF: Common protection
Enable common protections
• SQL injection
• Cross-site scripting
Preconfigured protections: Customer example
Need quick setup and common
protections like SQLi, XSS
“Overall, the entire stack so far has been extremely helpful. I truly would say that
this stack should almost be a standard built-in for anyone looking to use WAF as I
cannot begin to tell you how useful and truly effective it is.”
Award winning Health & Beauty eTailer
Configuring AWS WAF: Common protection
Demo
Importing AWS WAF rules
Import open source IP reputation lists
Importing AWS WAF rules
Open source IP reputation lists
Importing AWS WAF rules
Why security automation
Traditional incident response
Good users
Bad guys
Server
AWS WAF
Logs
Threat analysis
Notification
Security engineer
Why security automation
Automated incident response
Good users
Bad guys
Server
AWS WAF
Logs
Threat analysis
Rule updater
Notification
Security engineer
Security automation: Use cases
HTTP floods Scans and probes
Attackers
Use cases that static rules cannot protect effectively
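The logs, threat analysis and rule updater loop for these two use cases, as an added example that is not from the original slides. The thresholds, event tuples and function names are assumptions; the update dictionaries mirror the Updates list that the AWS WAF UpdateIPSet API accepts, and the code only builds that list without calling AWS.

```python
"""Threat analysis and rule updater sketch (added example, not AWS code)."""
from collections import Counter

FLOOD_REQUESTS_PER_MINUTE = 100  # assumed threshold for an HTTP flood
PROBE_ERRORS_PER_WINDOW = 20     # assumed threshold for scans and probes


def find_offenders(events, never_block=frozenset()):
    """Map offending client IPs to the reason they were flagged.

    events: iterable of (minute, client_ip, http_status) taken from logs.
    never_block: addresses, such as the internal whitelist, that the
    automation must not block even when they cross a threshold.
    """
    per_minute = Counter()
    client_errors = Counter()
    for minute, ip, status in events:
        per_minute[(ip, minute)] += 1
        if 400 <= status < 500:
            client_errors[ip] += 1

    offenders = {}
    for (ip, _minute), count in per_minute.items():
        if count > FLOOD_REQUESTS_PER_MINUTE:
            offenders[ip] = "http-flood"
    for ip, count in client_errors.items():
        if count > PROBE_ERRORS_PER_WINDOW:
            offenders.setdefault(ip, "scan-probe")
    return {ip: why for ip, why in offenders.items() if ip not in never_block}


def plan_updates(currently_blocked, offenders):
    """Diff the blocked set against current offenders into insert/delete steps."""
    def step(action, ip):
        return {"Action": action,
                "IPSetDescriptor": {"Type": "IPV4", "Value": ip + "/32"}}

    to_add = sorted(set(offenders) - set(currently_blocked))
    to_remove = sorted(set(currently_blocked) - set(offenders))
    return [step("INSERT", ip) for ip in to_add] + \
           [step("DELETE", ip) for ip in to_remove]


def sample_events():
    """Constructed events: one flood, one prober, one busy internal host."""
    return ([("01:13", "198.51.100.7", 200)] * 150 +
            [("01:13", "203.0.113.9", 404)] * 25 +
            [("01:13", "192.0.2.10", 200)] * 300 +
            [("01:14", "198.51.100.20", 200)] * 5)


if __name__ == "__main__":
    found = find_offenders(sample_events(), never_block={"192.0.2.10"})
    print(found)
    for update in plan_updates({"203.0.113.50"}, found):
        print(update)
```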
Automated incident response: Customer example
MapBox uses WAF to protect from bots
Good users
Bad guys
Server
AWS WAF
Logs
Threat analysis
Rule updater
What is machine learning
Machine learning is the technology that automatically finds
patterns in your data and uses them to make predictions
for new data points as they become available
Your data + machine learning = smart applications
Amazon Machine Learning
Easy-to-use, managed machine learning service
built for developers
Robust, powerful machine learning technology
based on Amazon’s internal systems
Create models using your data already stored in
the AWS Cloud
Deploy models to production in seconds
AWS WAF with Amazon Machine Learning
A PoC on learning-based WAF
AWS WAF with Amazon Machine Learning
The problem:
Detect requests from domain generation algorithms
Solution:
Use referrer header to detect bad domains visiting my website based
on machine learning
AWS WAF with Amazon Machine Learning
1. Data preparation – Feature engineering
2. Train model based on known good and
bad domains
3. Evaluate using real data
AWS WAF with Amazon Machine Learning
1. Data preparation – Feature engineering
AWS WAF with Amazon Machine Learning
2. Train model based on known good and bad domains
Good domains: Alexa 10,000
Bad domains: Known phishing domains
AWS WAF with Amazon Machine Learning
3. Evaluate using real data
Use raw logs from CloudFront
#Version: 1.0
#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version
2014-05-23 01:13:11 FRA2 182 192.0.2.10 GET d111111abcdef8.cloudfront.net /view/my/file.html 200 www.displaymyfiles.com Mozilla/4.0%20(compatible;%20MSIE%205.0b1;%20Mac_PowerPC) - zip=98101 RefreshHit MRVMF7KydIvxMWfJIglgwHQwZsbG2IhRJ07sn9AkKUFSHS9EXAMPLE== d111111abcdef8.cloudfront.net http - 0.001 - - - RefreshHit HTTP/1.1
2014-05-23 01:13:12 LAX1 2390282 192.0.2.202 GET d111111abcdef8.cloudfront.net /soundtrack/happy.mp3 304 www.unknownsingers.com Mozilla/4.0%20(compatible;%20MSIE%207.0;%20Windows%20NT%205.1) a=b&c=d zip=50158 Hit xGN7KWpVEmB9Dp7ctcVFQC4E-nrcOcEKS3QyAez--06dV7TEXAMPLE== d111111abcdef8.cloudfront.net http - 0.002 - - - Hit HTTP/1.1
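Steps 1 and 3 applied to logs in this format, as an added example that is not from the original slides: it reads cs(Referer) from each record and derives per-domain features a classifier could be trained on. The slides do not list the features used, so length, character entropy, digit ratio and vowel ratio are assumptions, as are the function names; the sample records are trimmed to the first 13 fields and the third record is constructed.

```python
"""Referer feature extraction from CloudFront logs (added example)."""
import math
from collections import Counter
from urllib.parse import unquote, urlsplit

# Two records from the sample on this page (trimmed to 13 fields) and a
# constructed third record whose Referer is a made-up random-looking host.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
    "cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie)",
    "2014-05-23 01:13:11 FRA2 182 192.0.2.10 GET d111111abcdef8.cloudfront.net "
    "/view/my/file.html 200 www.displaymyfiles.com "
    "Mozilla/4.0%20(compatible;%20MSIE%205.0b1;%20Mac_PowerPC) - zip=98101",
    "2014-05-23 01:13:12 LAX1 2390282 192.0.2.202 GET d111111abcdef8.cloudfront.net "
    "/soundtrack/happy.mp3 304 www.unknownsingers.com "
    "Mozilla/4.0%20(compatible;%20MSIE%207.0;%20Windows%20NT%205.1) a=b&c=d zip=50158",
    "2014-05-23 01:13:13 LAX1 512 198.51.100.23 GET d111111abcdef8.cloudfront.net "
    "/index.html 200 http://xj4k9q2vz7w1.example/landing Mozilla/5.0 - -",
])


def parse_records(text):
    """Yield one dict per record, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            # Values are URL-encoded, so splitting on whitespace is safe.
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def referer_host(raw):
    """Return the lowercased referring host, or None when the field is '-'."""
    if raw in ("", "-"):
        return None
    value = unquote(raw)
    if "//" not in value:
        value = "//" + value  # bare host name: let urlsplit treat it as one
    return urlsplit(value).hostname


def domain_features(host):
    """Features of the label left of the TLD (no public-suffix handling)."""
    labels = host.split(".")
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if not name:
        return None
    size = len(name)
    counts = Counter(name)
    entropy = -sum(c / size * math.log2(c / size) for c in counts.values())
    return {
        "host": host,
        "length": size,
        "entropy": round(entropy, 3),
        "digit_ratio": round(sum(ch.isdigit() for ch in name) / size, 3),
        "vowel_ratio": round(sum(ch in "aeiou" for ch in name) / size, 3),
    }


def referer_rows(text):
    """One feature row per record that carries a usable Referer."""
    rows = []
    for record in parse_records(text):
        host = referer_host(record.get("cs(Referer)", "-"))
        features = domain_features(host) if host else None
        if features:
            rows.append(features)
    return rows


if __name__ == "__main__":
    for row in referer_rows(SAMPLE_LOG):
        print(row)
```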
AWS WAF with Amazon Machine Learning
AWS WAF with Amazon Machine Learning
Demo
AWS WAF with Amazon Machine Learning
How good is our machine learning model
Category: Result
Accuracy: 98%
Recall (true positive rate): 78%
False positive rate: 1%
True negative rate: 99%
Summary
Spend less time securing your applications
Instead, focus on building applications
Provisioning WAF: Reuse rules
Configuring rules: Configure common protections in minutes using CloudFormation templates
Importing rules: Automated reputation list from external sources
Automated incident response: Advanced application-specific firewall rules
Learning-based protections: Smart adaptive protections using Amazon ML
Remember to complete
your evaluations!
Thank you!
Get started with AWS WAF:
https://console.aws.amazon.com/waf

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Kürzlich hochgeladen (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Web Security Automation: Spend Less Time Securing your Applications

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dean Samuels Manager, Solutions Architecture Hong Kong & Taiwan 19th January 2016 Security Automation Using AWS WAF: Spend Less Time Securing Your Applications
  • 2. What to expect from this session Introduction to AWS WAF AWS WAF 101
  • 3. What to expect from this session Introduction to AWS WAF AWS WAF security automation strategies AWS WAF 101
  • 4. What to expect from this session Introduction to AWS WAF AWS WAF security automation strategies AWS WAF 101 5 automation strategies 1. Provisioning WAF 2. Deploying WAF 3. Importing rules 4. Automated incident response 5. Learning-based protections
  • 5. What to expect from this session AWS WAF security automation strategies AWS WAF 101 Demo and getting started Introduction to AWS WAF
  • 6. What is AWS WAF AWS WAF 101
  • 8. Why AWS WAF? Application vulnerabilities Good users Bad guys Web server Database Exploit code AWS WAF
  • 9. Why AWS WAF? Content abuse: Bots and scrapers Good users Bad guys Web server Database AWS WAF
  • 10. Why AWS WAF? Application DDOS Good users Bad guys Web server Database AWS WAF
  • 11. AWS WAF: Rules in action Monitor security events
  • 12. AWS WAF: Integrated with AWS Amazon CloudFront Global content delivery network to accelerate websites, API, video content, and other web assets
  • 13. AWS WAF: Integrated with AWS Amazon CloudFront Application Load Balancer Load balancer with advanced request routing, and support for microservices and container-based applications Global content delivery network to accelerate websites, API, video content, and other web assets Announcing today..
  • 14. What to expect from this session Introduction to AWS WAF AWS WAF security automation strategies AWS WAF 101 Demo and getting started
  • 15. Why security automation Spend less time securing your applications Instead, focus on building applications
  • 16. We built a WAF that has… Customizable and flexible rules APIs: Integration with DevOps …allowing several WAF automation strategies Quick rule update
  • 17. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Automated incident response Learning-based protections … to spend less time securing applications
  • 18. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Automated incident response Learning-based protections
  • 19. Provisioning AWS WAF Step 1 – Create web ACL
  • 20. Provisioning AWS WAF Rule 1: Whitelist [ALLOW] Rule 2: Blacklist [BLOCK] Rule 3: Common protection [BLOCK] Step 1 – Create web ACL Step 2 – Add rule
  • 21. Provisioning AWS WAF IP whitelist SQL injection URL match Rule 1: Whitelist [ALLOW] IP blacklist Rule 2: Blacklist [BLOCK] Rule 3: Common protection [BLOCK] Step 1 – Create web ACL Step 2 – Add rule Step 3: Add condition
  • 22. Provisioning AWS WAF IP Whitelist SQL injection URL match Rule 1: Whitelist [ALLOW] IP Blacklist Rule 2: Blacklist [BLOCK] Rule 3: Common protection [BLOCK] Step 1 – Create web ACL Step 2 – Add rule Step 3: Add condition Step 4: Associate Amazon CloudFront ALB
  • 23. Provisioning AWS WAF: Reuse Spend less time by reusing WAF rules
  • 24. Provisioning AWS WAF: Reuse IP whitelist internal IP SQL injection URL match Rule 1: Whitelist [ALLOW] IP blacklist known bad Rule 2: Blacklist [BLOCK] Rule 3: Common protection #1 [BLOCK] Web ACL #1 ALB 1 (dev env) Rule 4: Common protection #2 [BLOCK] XSS match Web ACL #2 ALB 2 (prod env) Spend less time by reusing WAF rules
  • 25. Provisioning AWS WAF: Reuse IP whitelist internal IP SQL injection URL match Rule 1: Whitelist [ALLOW] IP blacklist known bad Rule 2: Blacklist [BLOCK] Rule 3: Common protection #1 [BLOCK] Web ACL #1 ALB 1 (dev env) Rule 4: Common protection #2 [BLOCK] XSS match Web ACL #2 ALB 2 (prod env) Spend less time by reusing WAF rules ALB 3 (new app)
  • 26. Provisioning AWS WAF Quickly fix vulnerabilities Example: {CVE-2016-538} • Server-side web applications that utilize the HTTP_Proxy header as an environment variable • Attacker could intercept connections between a client and server. Quick solution: Use AWS WAF to configure a rule to detect and block web requests that contain a proxy header.
  • 27. Provisioning AWS WAF IP whitelist internal IP SQL injection URL match Rule 1: Whitelist [ALLOW] IP blacklist known bad Rule 2: Blacklist [BLOCK] Rule 3: Common protection #1 [BLOCK] Web ACL #1 ALB 1 (dev env) Rule 4: Common protection #2 [BLOCK] XSS match Web ACL #2 ALB 2 (prod env) Spend less time by reusing WAF rules ALB 3 (new app)
  • 28. Provisioning AWS WAF IP whitelist internal IP SQL injection URL match Rule 1: Whitelist [ALLOW] IP blacklist known bad Rule 2: Blacklist [BLOCK] Rule 3: Common protection #1 [BLOCK] Web ACL #1 ALB 1 (dev env) Rule 4: Common protection #2 [BLOCK] XSS match Web ACL #2 ALB 2 (prod env) Spend less time by reusing WAF rules ALB 3 (new app) Rule 5: CVE-2016-538 [BLOCK] Header match
  • 29. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Automated incident response Learning-based protections
  • 30. Configuring AWS WAF rules Preconfigured AWS CloudFormation templates for common protection CloudFormation template AWS WAF Configuration
  • 31. Configuring AWS WAF: Common protection Enable common protections • SQL injection • Cross-site scripting
  • 32. Preconfigured protections: Customer example Need quick setup and common protections like SQLi, XSS “Overall, the entire stack so far has been extremely helpful. I truly would say that this stack should almost be a standard built-in for anyone looking to use WAF as I cannot begin to tell you how useful and truly effective it is.” Award winning Health & Beauty eTailer
  • 33. Configuring AWS WAF: Common protection Demo
  • 34. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Automated incident response Learning-based protections
  • 35. Importing AWS WAF rules Import open source IP reputation lists
  • 36. Importing AWS WAF rules Open source IP reputation lists
  • 38. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Automated incident response Learning-based protections
  • 39. Why security automation Traditional incident response Good users Bad guys Server AWS WAF Logs Threat analysis Notification Security engineer
  • 40. Why security automation Automated incident response Good users Bad guys Server AWS WAF Logs Threat analysis Rule updater Notification Security engineer
  • 41. Security automation: Use cases HTTP floods Scans and probes Attackers Use cases that static rules cannot protect effectively
  • 42. Automated incident response: Customer example
  • 43. MapBox uses WAF to protect from bots Good users Bad guys Server AWS WAF Logs Threat analysis Rule updater
  • 44. AWS WAF security automation strategies Provisioning WAF Configuring rules Importing rules Security Automation Learning-based protections
  • 45. What is machine learning Machine learning is the technology that automatically finds patterns in your data and uses them to make predictions for new data points as they become available Your data + machine learning = smart applications
  • 46. Amazon Machine Learning Easy-to-use, managed machine learning service built for developers Robust, powerful machine learning technology based on Amazon’s internal systems Create models using your data already stored in the AWS Cloud Deploy models to production in seconds
  • 47. AWS WAF with Amazon Machine Learning A PoC on learning-based WAF
  • 48. AWS WAF with Amazon Machine Learning The problem: Detect requests from domain generation algorithms Solution: Use referrer header to detect bad domains visiting my website based on machine learning
  • 49. AWS WAF with Amazon Machine Learning 1. Data preparation – Feature engineering 2. Train model based on known good and bad domains 3. Evaluate using real data
  • 50. AWS WAF with Amazon Machine Learning 1. Data preparation – Feature engineering
  • 51. AWS WAF with Amazon Machine Learning 2. Train model based on known good and bad domains Good domains: Alexa 10,000 Bad domains: Known phishing domains
  • 52. AWS WAF with Amazon Machine Learning 3. Evaluate using real data Use raw logs from CloudFront logs
      #Version: 1.0
      #Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version
      2014-05-23 01:13:11 FRA2 182 192.0.2.10 GET d111111abcdef8.cloudfront.net /view/my/file.html 200 www.displaymyfiles.com Mozilla/4.0%20(compatible;%20MSIE%205.0b1;%20Mac_PowerPC) - zip=98101 RefreshHit MRVMF7KydIvxMWfJIglgwHQwZsbG2IhRJ07sn9AkKUFSHS9EXAMPLE== d111111abcdef8.cloudfront.net http - 0.001 - - - RefreshHit HTTP/1.1
      2014-05-23 01:13:12 LAX1 2390282 192.0.2.202 GET d111111abcdef8.cloudfront.net /soundtrack/happy.mp3 304 www.unknownsingers.com Mozilla/4.0%20(compatible;%20MSIE%207.0;%20Windows%20NT%205.1) a=b&c=d zip=50158 Hit xGN7KWpVEmB9Dp7ctcVFQC4E-nrcOcEKS3QyAez--06dV7TEXAMPLE== d111111abcdef8.cloudfront.net http - 0.002 - - - Hit HTTP/1.1
  • 53. AWS WAF with Amazon Machine Learning
  • 54. AWS WAF with Amazon Machine Learning Demo
  • 55. AWS WAF with Amazon Machine Learning How good is our machine learning model (Category: Result): Accuracy: 98%; Recall true positive rate: 78%; False positive rate: 1%; True negative rate: 99%
  • 56. Summary Spend less time securing your applications Instead, focus on building applications Provisioning WAF Reuse rules Configuring rules Configure common protections in minutes using CloudFormation templates Importing rules Automated reputation list from external sources Automated incident response Advanced application-specific firewall rules Learning-based protections Smart adaptive protections using Amazon ML
  • 58. Thank you! Get started with AWS WAF: https://console.aws.amazon.com/waf
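
Added example, not part of the original slides: a sketch of the "Logs → Threat analysis → Rule updater" step (slide 40) and the "Data preparation – Feature engineering" step (slide 49), both run over CloudFront access logs in the layout of slide 52. The sample log lines, the 4xx threshold and the chosen domain features (length, entropy, digit and vowel ratio) are assumptions made for illustration; the slides do not say which features or thresholds were used.

```python
import ipaddress
import math
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: CloudFront writes a space-separated "#Fields:" header
# and tab-separated data rows. Only the columns used below are included.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Referer)",
    "2014-05-23\t01:13:11\t192.0.2.10\tGET\t/view/my/file.html\t200\twww.displaymyfiles.com",
    "2014-05-23\t01:13:12\t192.0.2.202\tGET\t/soundtrack/happy.mp3\t304\twww.unknownsingers.com",
    "2014-05-23\t01:13:13\t198.51.100.7\tGET\t/admin.php\t404\t-",
    "2014-05-23\t01:13:13\t198.51.100.7\tGET\t/backup.zip\t403\t-",
    "2014-05-23\t01:13:14\t198.51.100.7\tGET\t/old/index.bak\t404\t-",
    "2014-05-23\t01:13:15\t203.0.113.5\tGET\t/index.html\t200\thttp://xq7k2vz9p4jw8.example/landing",
    "2014-05-23\t01:13:16\t203.0.113.9",  # truncated row, must be skipped
])


def parse_cloudfront(text):
    """Return one dict per well-formed data row, keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # drop truncated or corrupt rows
                records.append(dict(zip(fields, values)))
    return records


def referer_host(value):
    """Extract the host from cs(Referer); '-' means the header was absent."""
    if not value or value == "-":
        return None
    if "://" in value:
        host = urlsplit(value).hostname
    else:  # bare host, as in the slide's sample rows
        host = value.split("/")[0].split(":")[0]
    return host.lower() if host else None


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def domain_features(host):
    """Lexical features of the second-level label (assumed feature set).

    Simplification: takes the label left of the last dot, so multi-part
    public suffixes such as 'co.uk' are not handled.
    """
    labels = host.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if not label:
        return None
    return {
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "digit_ratio": sum(c.isdigit() for c in label) / len(label),
        "vowel_ratio": sum(c in "aeiou" for c in label) / len(label),
    }


def referer_feature_rows(records):
    """One feature row per distinct referrer host: input for model training."""
    rows = {}
    for rec in records:
        host = referer_host(rec.get("cs(Referer)"))
        if host and host not in rows:
            feats = domain_features(host)
            if feats:
                rows[host] = feats
    return rows


def flag_scanners(records, min_errors=3):
    """Threat analysis for scans and probes: client IPs with many 4xx replies.

    Returns CIDR strings that a rule updater could place in an IP blacklist
    condition. min_errors is an assumed threshold; tune it per application.
    """
    errors = Counter(
        r["c-ip"] for r in records if r.get("sc-status", "").startswith("4")
    )
    return sorted(
        str(ipaddress.ip_network(ip)) for ip, n in errors.items() if n >= min_errors
    )


if __name__ == "__main__":
    recs = parse_cloudfront(SAMPLE_LOG)
    for host, feats in referer_feature_rows(recs).items():
        print(host, feats)
    print("block candidates:", flag_scanners(recs))
```

Feeding the rule updater from `flag_scanners` should exclude addresses on the whitelist rule first, so internal scanners and health checks are not blocked.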