Category: Security, Identity, & Compliance

AWS WAF Bot Control uses CAPTCHA and Challenge actions to undertake a browser interaction before permitting requests to protected resources. These actions can result in a poor user experience because of application errors or unexpected CAPTCHA completion when AWS WAF unexpectedly blocks requests. The AWS WAF JavaScript integrations give you the ability to control these […]

Customers use AWS WAF to protect their web applications and APIs. They typically use a mixture of managed rules and their own custom rules, and then tune them in order to prevent as much undesired traffic as possible from reaching their applications. This implementation and tuning exercise typically produces a web access control list (web ACL) that […]

Today, we are introducing support for security group referencing on AWS Transit Gateway. This new feature allows you to create inbound security rules that reference security groups defined in other Amazon Virtual Private Clouds (Amazon VPCs) attached to a transit gateway within the same Amazon Web Services (AWS) Region. Outbound security rules referencing over Transit […]

Amazon Web Services (AWS) offers a wide choice of networking services. While these services enable AWS to meet more customer needs around networking, that variety increases the number of available options to consider in making architectural decisions when designing AWS and hybrid networking infrastructure. Cost is one of the main factors that drive architectural decisions […]

Application owners often rely on content management systems (CMS) to publish and manage content on their websites. WordPress is the world’s most popular content management system. Originally launched as a blogging platform back in 2003, WordPress now powers 43% of all websites and controls a massive 64.3% of the known CMS market. The purpose of this […]

At AWS, security is the top priority, and we are committed to providing you with the necessary guidance to fortify the security posture of your environment. In 2018, we introduced built-in authentication support for Application Load Balancers (ALBs), enabling secure user authentication as they access applications. This feature allows developers to offload the authentication responsibility […]

Organizations use remote access solutions for secure remote user access to resources hosted on their internal networks. This post shows various deployment models to integrate AWS Network Firewall with AWS Client VPN. AWS Client VPN is a managed client-based VPN service that secures access to your AWS resources, and resources in your on-premises network, over […]

Protecting against bot threats requires insights into the client environment beyond what is available through network-level characteristics of a request, such as TCP or HTTP payload signatures. AWS WAF uses CAPTCHA and Challenge actions to undertake a client-side interaction, whether on a mobile device or browser, to understand this client environment before they can be […]

Web application security is an ongoing process. AWS WAF enables real-time monitoring and blocking of potentially harmful web requests. Bot Control and Fraud Control use machine learning (ML) to detect and prevent sophisticated threats. Bot traffic can make up anywhere from 30% to 50% or even more of total web traffic. After enabling AWS WAF, […]

AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewalls rules for fine grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]