
OWASP TOP 10 mapped to AWS Managed Rules

Mar 19th 2022, 2 min read

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. In this post, I will show you which AWS Managed Rule Group addresses which Web Application Security Risk from the OWASP TOP 10.

Managed rule groups are collections of predefined rules that AWS and AWS Marketplace sellers maintain for you. There is one difference between AWS and Marketplace rule groups: AWS managed rule groups are mostly available for free (only the AWS WAF Bot Control and AWS WAF Fraud Control account takeover prevention rule groups incur additional fees), whereas Marketplace managed rule groups are available by subscription through AWS Marketplace.

🚨 Just as a side note: AWS Managed Rules should be considered the first layer of your application defense strategy. You still need to consider custom rules that cover the specific vulnerabilities of your applications, or partner managed rules that are more relevant to your specifics.

AWS Managed Rule Group Name / Comments: Rule Name

AWSManagedRulesCommonRuleSet (Core rule set):
SizeRestrictions_QUERYSTRING, EC2MetaDataSSRF_QUERYARGUMENTS, GenericLFI_QUERYARGUMENTS, RestrictedExtensions_QUERYARGUMENTS, GenericRFI_QUERYARGUMENTS, CrossSiteScripting_QUERYARGUMENTS

AWSManagedRulesSQLiRuleSet (SQL database):
SQLi_QUERYARGUMENTS, SQLiExtendedPatterns_QUERYARGUMENTS, SQLi_BODY, SQLiExtendedPatterns_BODY, SQLi_COOKIE

AWSManagedRulesKnownBadInputsRuleSet (Known bad inputs):
ExploitablePaths_URIPATH, Log4JRCE_HEADER, Log4JRCE_QUERYSTRING, Log4JRCE_URI, Log4JRCE_BODY

AWSManagedRulesATPRuleSet (Account takeover prevention), AWSManagedRulesAmazonIpReputationList (Amazon IP reputation list), AWSManagedRulesBotControlRuleSet (Bot Control):
AttributePasswordTraversal, AttributeUsernameTraversal, AttributeCompromisedCredentials, MissingCredential, VolumetricSession, TokenRejected, AWSManagedIPReputationList, AWSManagedReconnaissanceList, CategoryAdvertising, CategoryArchiver, CategoryContentFetcher, CategoryHttpLibrary, CategoryLinkChecker, CategoryMiscellaneous, CategoryMonitoring, CategoryScrapingFramework, CategorySecurity, CategorySeo, CategorySocialMedia, CategorySearchEngine, SignalAutomatedBrowser, SignalKnownBotDataCenter, SignalNonBrowserUserAgent

No Web Application Firewall check. Take care that you configure proper monitoring of all components of your application.

AWSManagedRulesCommonRuleSet (Core rule set):
EC2MetaDataSSRF_BODY, EC2MetaDataSSRF_COOKIE, EC2MetaDataSSRF_URIPATH, EC2MetaDataSSRF_QUERYARGUMENTS
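Attaching a managed rule group is only half the job: a group left in Count mode, a rule excluded during tuning, or metrics switched off silently removes the coverage listed above. The following added example (not from the original post or from AWS) checks the `WebACL` object returned by `aws wafv2 get-web-acl` against the rule groups in the mapping; `EXPECTED_GROUPS` and `SAMPLE_WEB_ACL` are my own constructed inputs.

```python
# Added example: audit a wafv2 get-web-acl response against the managed rule
# groups in the mapping above (group names are the AWS-documented ones).
EXPECTED_GROUPS = {  # group -> rules from the table that must stay active
    "AWSManagedRulesCommonRuleSet": {"CrossSiteScripting_QUERYARGUMENTS", "EC2MetaDataSSRF_QUERYARGUMENTS"},
    "AWSManagedRulesSQLiRuleSet": {"SQLi_BODY", "SQLi_QUERYARGUMENTS"},
    "AWSManagedRulesKnownBadInputsRuleSet": {"Log4JRCE_HEADER", "ExploitablePaths_URIPATH"},
    "AWSManagedRulesAmazonIpReputationList": {"AWSManagedIPReputationList"},
}

def disabled_rules(stmt):
    """Rule names the ACL excludes or overrides to Count inside one rule group."""
    names = {r["Name"] for r in stmt.get("ExcludedRules", [])}
    for ov in stmt.get("RuleActionOverrides", []):
        if "Count" in ov.get("ActionToUse", {}):
            names.add(ov["Name"])
    return names

def check_web_acl(web_acl):
    """Return findings (strings) for the 'WebACL' object of `aws wafv2 get-web-acl`."""
    findings, attached = [], set()
    for rule in web_acl["Rules"]:
        stmt = rule["Statement"].get("ManagedRuleGroupStatement")
        if not stmt or stmt.get("VendorName") != "AWS":
            continue  # custom and Marketplace rules are out of scope here
        group = stmt["Name"]
        attached.add(group)
        if "Count" in rule.get("OverrideAction", {}):
            findings.append(f"{group}: whole group in Count mode, it blocks nothing")
        for name in sorted(disabled_rules(stmt) & EXPECTED_GROUPS.get(group, set())):
            findings.append(f"{group}: rule {name} is excluded or counted only")
        vis = rule.get("VisibilityConfig", {})
        if not (vis.get("CloudWatchMetricsEnabled") and vis.get("SampledRequestsEnabled")):
            findings.append(f"{group}: metrics or sampled requests disabled")
    findings += [f"{g}: not attached" for g in EXPECTED_GROUPS if g not in attached]
    return findings

# Constructed sample ACL: XSS rule excluded, SQLi group only counting, two groups missing.
SAMPLE_WEB_ACL = {"Name": "example-acl", "Rules": [
    {"Name": "common", "OverrideAction": {"None": {}},
     "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
                   "ExcludedRules": [{"Name": "CrossSiteScripting_QUERYARGUMENTS"}]}},
     "VisibilityConfig": {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": "c"}},
    {"Name": "sqli", "OverrideAction": {"Count": {}},
     "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet"}},
     "VisibilityConfig": {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": "s"}},
]}

if __name__ == "__main__":
    print("\n".join(check_web_acl(SAMPLE_WEB_ACL)))
```

Feed it the real output of `aws wafv2 get-web-acl` (the `WebACL` key) and extend `EXPECTED_GROUPS` with the ATP and Bot Control groups if you subscribe to them.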

If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager, take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols, including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions such as API security proxies, Web Application Firewalls, IPS and API gateways.