How To Secure Web Application With Aws Waf And Cloudwatch

Web applications security. AWS WAF masterclass. Practical guidance with cost-effective solutions at real examples.

What you'll learn

How to secure Web application at AWS

How Web Application firewall works

How to configure AWS WAF poperly

How to configure WAF alarms

How to use Athena to analyse WAF and Application logs

How custom exceptions and custom logging can become a security defense tool

How to use CloudWatch for working with Application Logs

How to build custom CloudWatch filters and alerts upon it

How to provide cyber threat analysis using Athena and Excel after a hacker's attack

Requirements

Active AWS account, some active web domain, basic knowledge at using docker and web programming

Description

Hi, my name is Sergii and I am glad to see you at that course.We will start from creating a very small API application. For that purpose I will use the Python programming language and Flask framework. If you are not aware of current technologies, don't worry, you should not. Believe me, the application would be extremely simple, so anyone, even a child, can understand how it works.While creating according application I will concentrate at next essential aspects:Custom exceptionsLoggingI will explain why it is so essential to have those both things at any application and how to make it properly in order it would be helpful from a security defense perspective.The principles which I will show you are extremely simple and can be easily propagated at any existing web application. You will see the real power of properly done exceptions and logging at your own eyes when we will make real hacker’s attacks simulations at our application after deploying it at AWS cloudGenerally speaking, deploying - it is 2nd essential part of our learning. Together we will deploy our test API application at AWS using Terraform.And again, if you have never used current technology, don’t worry. I will show you step by step, how to run according terraform scripts.At 1st we will prepare the AWS network, after that we will deploy AWS ALB with WAF, and finally, at the last step, we will deploy our application at EC2 using an auto scaling group. Current pattern of deployment can be easily used by you at production as it is rather cost effective and almost a HA solution. Though as every solution it also has some limitations, which I will discover during Terraform lecturesAt deployment section I will speak a lot about different AWS Services, that would be used for creating security defense mechanismsIAM policies and Security groups as restriction mechanisms to our resourcesS3 as place for keeping our ALB and WAF logsCloudWath as centralized log storage and alarm systemSNS - as mechanism for sending alarm notifications during security attacks detectionI will also touch a little bit Route 53 and Certificate manager servicesThe deployed Falsk application and all AWS infrastructure around it would be intensively used as a lab environment for imitating different hacker’s attacks and providing a cyber security learning process. That will allow you to perform real practice training and try different security tools and tricks with your own hands. That is why, as for me, it is so essential to have it to be done.In the third section we will speak about AWS WAF. We will discuss in details:What resources can we attach WAF at - ALB, APi gateway, CFHow properly to configure itWhy correct configurationof AWS WAF is so time consuming processHow to set up AWS WAF managed rules and custom blocking policiesHow to analyse WAF and ALB logs using Athena Why WAF is not silver bullet that can’t protect web app against all possible threatsAt current section I will also show you some examples of real attacks that were blocked by WAF taken from my commercial experience, in order you could feel how powerful WAF is as a security defense toolAt 4th section we will discuss deeply AWS CloudWatch service, especially:how to use our application logs as security detectorhow to build custom CloudWatch filtershow to raise alerts in case web application is under the hacker’s attackhow you can be aware of attack even before WAF will detect it, or when WAF could not deal with the problemIn the 5th part we will speak about cyber threat analysis using Atena and Excel after a hacker's attack. We will discuss how to gather all required data using Athena and how to verify if the hacker's actions had any success.At last 5th section we will make a short summary of all passed practice materials, by creating effective security defense framework, that can be used at any cloud or even at on-premise solutionsThat’s all. See you at the 1st sectio, where we will start to examine test api application. Hope to see you soon.

Overview

Section 1: Introduction

Lecture 1 Promo introduction video

Lecture 2 About me and cyber security experience

Lecture 3 Coarse road map

Section 2: Flask test API application

Lecture 4 Flask app - local environment

Lecture 5 Flask app - code overview, how application works

Lecture 6 Flask app - custom exceptions

Lecture 7 Flask app - logging

Section 3: Application deployment at AWS using Terraform

Lecture 8 Terraform installation with tfenv

Lecture 9 AWS profile and terrafrom configuration

Lecture 10 Running terraform scripts - essential introduction

Lecture 11 Applying terraform - Part 1: pre init and network terrafrom modules

Lecture 12 Applying terraform - Part 2: AWS ALB and AWS Certificate Manage

Lecture 13 Build docker image and push it to the AWS ECR

Lecture 14 Applying terraform - Part 3: flask application at EC2 using auto scaling group

Lecture 15 Applying terraform - Part 4: add EC2 to AWS ALB as target group

Section 4: AWS WAF - deep inside

Lecture 16 What is WAF and how it works

Lecture 17 AWS WAF managed rules as first step

Lecture 18 AWS WAF managed rules and count mode

Lecture 19 AWS WAF logs and test data set

Lecture 20 Initial Athena-WAF configuration

Lecture 21 Athena - running first query, WAF logs structure, Athena pricing

Lecture 22 How to analyse WAF log’s data with Athena queries - part 1

Lecture 23 How to analyse WAF log’s data with Athena queries - part 2

Lecture 24 AWS WAF managed rules configuration methodology and rules versions

Lecture 25 AWS WAF managed rules in action

Lecture 26 AWS WAF - custom white and black lists - part 1

Lecture 27 AWS WAF - custom white and black lists - part 2

Lecture 28 AWS WAF and custom regex pattern set

Lecture 29 AWS WAF rate rules introduction

Lecture 30 How to calculate rate thresholds for application using Athena and ALB logs

Lecture 31 AWS WAF rate rules in practice - part 1

Lecture 32 AWS WAF rate rules in practice - part 2

Lecture 33 AWS WAF metrics and alarms

Lecture 34 AWS WAF priority

Lecture 35 Why AWS WAF is not a silver bullet

Section 5: Application and CloudWatch as security monitoring tool

Lecture 36 How to use CloudWatch logs

Lecture 37 Understanding Application logs with CloudWatch Logs Insights and Dashboards

Lecture 38 Custom CloudWatch metrics and alerts as sensitive detector of abnormal behavior

Section 6: Cyber threat analysis using Atena and Excel

Lecture 39 Cyber threat analysis workflow - part 1

Lecture 40 Cyber threat analysis workflow - part 2

Lecture 41 Analyse data at Excel - part 1

Lecture 42 Analyse data at Excel - part 2

Section 7: Security defense framework

Lecture 43 Security defense framework

Lecture 44 Cyber Security Questionnaire

Anyone who is interested at cyber security or who is responsible for Web resources - software engineers, DevOps, admin, CTO, CEO