A popular blogging site is using AWS Cloud infrastructure for deploying its blogging site. An AWS ALB is used for handling all its front-end user requests which are served by a fleet of Amazon EC2 instance. Last week there was an incident when some users added malicious code which impacted the whole blogging site. As an AWS Consultant, the security team from this site is looking for your recommendation to avoid such incidents again in the future. Which of the following recommendation can prevent such risk?

Answer options:

A.Use AWS WAF SQL match condition to protect blogging site.
B.Use AWS WAF IP address match condition to protect blogging site.
C.Use AWS WAF Cross-site scripting match condition to protect blogging site.
D.Use AWS WAF String match condition to protect blogging site.

Correct Answer – C
AWS WAF can be used with AWS ALB to protect web applications from common attacks. With AWS WAF, the following conditions can be used to deny traffic to web applications,
· Cross-Site Scripting
· IP Address
· Length of request
· SQL injection
· Geographic Match
· String Match.
In the above case,malicious codes uploaded by users can be detected by the Cross-Site Scripting rule with AWS WAF on AWS ELB.Option A is incorrect as this condition will match only malicious SQL code in the request.
Option B is incorrect as Using AWS WAF IP address match condition will block a pool of IP Address, it won’t be effective if there is a constant change in the source IP address where the user is accessing this site.
Option D is incorrect as this condition will match a specified string in the request, it won’t be effective for the request with a string other than specified.
For more information on using AWS WAF for Web Application Security, refer to the following URL
https://d0.awsstatic.com/whitepapers/Security/aws-waf-owasp.pdf