The Ops Community ⚙️

David Krohn

Originally published at globaldatanet.com

OWASP TOP 10 mapped to AWS Managed Rules

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. In this post, I will show you which AWS Managed Rule Group addresses which web application security risk from the OWASP Top 10, and for which risks a WAF is the wrong tool altogether.

Managed rule groups are collections of predefined rules that AWS and AWS Marketplace sellers maintain for you. The difference between the two kinds is pricing: AWS managed rule groups are included in the base AWS WAF price (only the AWS WAF Bot Control and AWS WAF Fraud Control account takeover prevention rule groups carry additional fees), whereas Marketplace managed rule groups are available by subscription through AWS Marketplace.

🚨 Just as a side note: AWS Managed Rules should be considered the first layer of your application defense strategy, not the whole of it. They match generic attack patterns, so you still need custom rules that cover the specific vulnerabilities and endpoints of your own application (for example rate limiting on login or signup paths), or partner managed rules that are more relevant to your stack. Also expect to tune them: run a rule group in Count mode first, review the sampled requests, and only then switch it to Block.

| OWASP identifier | AWS Managed Rule Group / comments | Rule names |
| --- | --- | --- |
| A01:2021 Broken Access Control | AWSManagedRulesCommonRuleSet | SizeRestrictions_QUERYSTRING, EC2MetaDataSSRF_QUERYARGUMENTS, GenericLFI_QUERYARGUMENTS, RestrictedExtensions_QUERYARGUMENTS, GenericRFI_QUERYARGUMENTS, CrossSiteScripting_QUERYARGUMENTS |
| A02:2021 Cryptographic Failures | No WAF check. A WAF cannot see which algorithms an application uses or how data is stored; infrastructure-level findings (unencrypted storage, weak TLS policies) can be surfaced by tools like Prowler. | - |
| A03:2021 Injection | AWSManagedRulesSQLiRuleSet | SQLi_QUERYARGUMENTS, SQLiExtendedPatterns_QUERYARGUMENTS, SQLi_BODY, SQLiExtendedPatterns_BODY, SQLi_COOKIE |
| A04:2021 Insecure Design | No WAF check. Insecure design is a design-time problem; it is addressed by threat modeling and secure design review, not by a WAF or a configuration scanner. | - |
| A05:2021 Security Misconfiguration | No WAF check. Security misconfiguration of the underlying AWS resources can be checked by tools like Prowler. | - |
| A06:2021 Vulnerable and Outdated Components | AWSManagedRulesKnownBadInputsRuleSet. 🚨 The rule group only blocks known exploit payloads; vulnerable and outdated components themselves should be detected with tools like Sysdig or Aqua. | ExploitablePaths_URIPATH, Log4JRCE_HEADER, Log4JRCE_QUERYSTRING, Log4JRCE_URIPATH, Log4JRCE_BODY |
| A07:2021 Identification and Authentication Failures | AWSManagedRulesATPRuleSet. ℹ️ AWSManagedRulesATPRuleSet and AWSManagedRulesBotControlRuleSet have additional fees (see the pricing page). | AttributePasswordTraversal, AttributeUsernameTraversal, AttributeCompromisedCredentials, MissingCredential, VolumetricSession, TokenRejected |
| A07:2021 Identification and Authentication Failures | AWSManagedRulesAmazonIpReputationList | AWSManagedIPReputationList, AWSManagedReconnaissanceList |
| A07:2021 Identification and Authentication Failures | AWSManagedRulesBotControlRuleSet | CategoryAdvertising, CategoryArchiver, CategoryContentFetcher, CategoryHttpLibrary, CategoryLinkChecker, CategoryMiscellaneous, CategoryMonitoring, CategoryScrapingFramework, CategorySecurity, CategorySeo, CategorySocialMedia, CategorySearchEngine, SignalAutomatedBrowser, SignalKnownBotDataCenter, SignalNonBrowserUserAgent |
| A08:2021 Software and Data Integrity Failures | No WAF check. Software and data integrity failures (unsigned updates, untrusted build artefacts, insecure deserialization) are detected with supply-chain and image scanning tools like Sysdig or Aqua. | - |
| A09:2021 Security Logging and Monitoring Failures | No WAF check. Take care that you configure proper logging and monitoring for every component of your application, including WAF logging itself. | - |
| A10:2021 Server-Side Request Forgery | AWSManagedRulesCommonRuleSet | EC2MetaDataSSRF_BODY, EC2MetaDataSSRF_COOKIE, EC2MetaDataSSRF_URIPATH, EC2MetaDataSSRF_QUERYARGUMENTS |
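To make the "first layer plus custom rules" advice concrete, here is an added example (not code from the original post or from AWS) that assembles the Rules list of an AWS WAFv2 Web ACL from the managed rule groups in the table, switches one noisy rule inside a group to Count mode via RuleActionOverrides, appends a custom rate-based rule for the login path, and validates the result before handing it to boto3. The Web ACL name, the REGIONAL scope, the 300-requests limit, the /login path and the choice of SizeRestrictions_QUERYSTRING as the rule to count are assumed, illustrative values.

```python
"""Assemble and validate AWS WAFv2 Web ACL rules (added example, values assumed)."""
from __future__ import annotations

# Managed rule groups referenced in the OWASP mapping above, in evaluation
# order (lower priority number runs first), with the category each covers.
MANAGED_GROUPS = [
    ("AWSManagedRulesAmazonIpReputationList", "A07"),
    ("AWSManagedRulesCommonRuleSet", "A01/A10"),
    ("AWSManagedRulesKnownBadInputsRuleSet", "A06"),
    ("AWSManagedRulesSQLiRuleSet", "A03"),
]

# Rules inside a group to run in Count instead of Block while tuning false
# positives. Assumed example: a search API with legitimately long query strings.
COUNT_OVERRIDES = {
    "AWSManagedRulesCommonRuleSet": ("SizeRestrictions_QUERYSTRING",),
}


def _visibility(metric: str) -> dict:
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def managed_rule(group: str, priority: int, count_rules=()) -> dict:
    """Rule entry referencing an AWS managed rule group. Managed groups take
    OverrideAction (None = keep the group's own actions); RuleActionOverrides
    changes the action of individual rules inside the group."""
    stmt = {"VendorName": "AWS", "Name": group}
    if count_rules:
        stmt["RuleActionOverrides"] = [
            {"Name": r, "ActionToUse": {"Count": {}}} for r in count_rules
        ]
    return {"Name": group, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": stmt},
            "OverrideAction": {"None": {}},
            "VisibilityConfig": _visibility(group)}


def login_rate_limit_rule(priority: int, limit: int = 300,
                          path: bytes = b"/login") -> dict:
    """Custom rule (the application-specific second layer): block an IP that
    sends more than `limit` requests to the login path in 5 minutes."""
    return {"Name": "LoginRateLimit", "Priority": priority,
            "Statement": {"RateBasedStatement": {
                "Limit": limit, "AggregateKeyType": "IP",
                "ScopeDownStatement": {"ByteMatchStatement": {
                    "SearchString": path,
                    "FieldToMatch": {"UriPath": {}},
                    "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                    "PositionalConstraint": "STARTS_WITH"}}}},
            "Action": {"Block": {}},
            "VisibilityConfig": _visibility("LoginRateLimit")}


def build_web_acl_rules() -> list[dict]:
    """Managed groups first, custom rule last; priorities assigned in order."""
    rules = [managed_rule(g, i, COUNT_OVERRIDES.get(g, ()))
             for i, (g, _cat) in enumerate(MANAGED_GROUPS)]
    rules.append(login_rate_limit_rule(len(rules)))
    return rules


def validate_rules(rules: list[dict]) -> list[str]:
    """Catch before the API call what WAFv2 rejects at create time: duplicate
    priorities and mixing up Action (custom rules) with OverrideAction
    (managed groups). Returns a list of problems; empty means OK."""
    problems, seen = [], set()
    for r in rules:
        if r["Priority"] in seen:
            problems.append(f"duplicate priority {r['Priority']} ({r['Name']})")
        seen.add(r["Priority"])
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        if managed and "Action" in r:
            problems.append(f"{r['Name']}: managed group must use OverrideAction")
        if not managed and "OverrideAction" in r:
            problems.append(f"{r['Name']}: custom rule must use Action")
    return problems


def create_web_acl(name: str = "owasp-top10-acl", scope: str = "REGIONAL"):
    """Create the Web ACL with boto3 (needs AWS credentials; assumed name/scope)."""
    import boto3  # imported here so the builder stays usable offline
    rules = build_web_acl_rules()
    if problems := validate_rules(rules):
        raise ValueError("; ".join(problems))
    return boto3.client("wafv2").create_web_acl(
        Name=name, Scope=scope, DefaultAction={"Allow": {}}, Rules=rules,
        VisibilityConfig=_visibility(name))
```

Use SCOPE=CLOUDFRONT (and the us-east-1 client) for a CloudFront distribution; REGIONAL covers ALB, API Gateway and AppSync. Once the counted rule has produced no false positives in the sampled requests, drop it from COUNT_OVERRIDES so the whole group blocks.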

If you are looking for a way to deploy, update and stage your Web ACLs while managing them centrally via AWS Firewall Manager, take a look at the AWS Firewall Factory tool. AWS Firewall Factory can test a deployed firewall with GoTestWAF, a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XML-RPC and more. It was designed to evaluate web application security solutions such as API security proxies, Web Application Firewalls, IPS and API gateways. Keep in mind what such a test proves: that the WAF blocks the simulated payloads, not that the application behind it is free of the underlying vulnerability.
