【Table of contents】
- 1. Introduction
- 2. Basic information on AWS WAF
- 3. Supported Attacks
- 4. Creating and Applying Customized Rules
- 5. Conclusion
1. Introduction
In this article, we will summarize the attacks that WafCharm can handle. The ever-changing nature of cybersecurity means that we cannot guarantee that WafCharm will protect flawlessly against all the attacks listed, but our comprehensive strategy protects our customers in a way that no other service can match.
Please note that the application status of the rules may vary from ACL to ACL. Due to security reasons, we also cannot disclose specific details in order to prevent the information from being used in an attack.
2. Basic information on AWS WAF
AWS WAF v2 allows users to use up to 5,000 WCUs in a web ACL. However, there may be additional fees if you use more than 1,500 WCUs.
How many WCUs you'd like to use in a web ACL is up to you.
Please keep in mind that we cannot apply every rule we can create because of the AWS WAF limitations and WCUs.
3. Supported Attacks
In this section, we will explain in a little more detail the corresponding attacks as protection against general threats.
List of examples of supported attacks:
- - SQL Injection
- - OS command injection
- - Code injection
- - Header injection
- - Path traversal and directory traversal
- - Cross-site scripting
- - XXE attacks
- - Protection against malicious UserAgent
- - Other vulnerabilities related to specific middleware or OS, etc.
Examples of unsupported attacks:
- - CSRF
Status of Supported Attacks by Blacklist Update:
- - The corresponding attacks related to the blacklist re-matching process are not disclosed.
- - The basic idea is that for attacks that can be handled, there must be conditions that can be judged as abnormal at the communication stage to the WAF.
- - It is not possible to detect access using a password that has already been leaked or access that is indistinguishable from normal access.
- - WAF cannot detect accesses that use passwords that have already been compromised or accesses that cannot be distinguished from normal accesses.
Specific vulnerability is classified as one of the attacks in the list above if it's classified. For example, if you receive a SQL injection using a specific middleware-dependent vulnerability that allows you to access the administration screen.
4. Creating and Applying Customized Rules
WafCharm can be customized to create and apply rules for each customer. If you would like to have more granular control of your rules, please contact us.
Example of customization:
- - You want to prioritize the detection of attacks against a specific vulnerability because updates are not available immediately.
- - If an attack using the vulnerability can be identified, we will create and apply a customized rule.
- - You want to block access to a specific path. (Necessary accesses are avoided by whitelisting.)
- - You want to create and apply a customized rule to block the access to the target path.
- - You want to use rate-based rules.
For more information, please refer to the following blog:
https://www.wafcharm.com/blog/how-to-use-the-rate-based-rule/
5. Conclusion
Please note that implementing a WAF isn’t an all-in-one solution for cybersecurity.
It is important to take comprehensive measures such as updating against vulnerabilities, designing a secure site, setting appropriate permissions, and closing unnecessary communication channels.