AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.
You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web...
Hi Varun,
I have had experience with several WAF deployments and deep technical assessments of the following:
1. Imperva WAF
2. F5 WAF
3. Polarisec Cloud WAF
A typical limitation of cloud WAFs is that the solution only includes a generic level of web application protection. The primary difference with an on-premise / dedicated WAF solution like Imperva is the ability to protect business logic in the web application. This approach allows the user to apply a strict positive security model as opposed to a negative security model.
Cloud WAFs typically revolve around technical-level attack mitigation such as SQLi, XSS, CSRF, and bot-related detection and mitigation. For more customized rule settings (for instance, to protect business logic), multi-tenant-capable solutions usually do not have a high level of customization ability because of their generic nature, covering a wide range of client types.
Nevertheless, the capability to protect against technical-level attacks might be sufficient for your web application, given the fact that AWS is tightly integrated in its PaaS offering, making the implementation and deployment much more seamless compared to the other products.
In my opinion, you could consider AWS WAF if:
1. Your web application does not serve complex business logic such as Internet Banking.
2. Your only concern about security is technical attack mitigation.
3. Your web application is hosted in AWS infrastructure.
I hope this answer is useful.
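The contrast between the negative and positive security models mentioned in the answer above, as an added example that is not part of the original post and not any vendor's rule engine. The `/transfer` endpoint, its field rules and the deny signatures are hypothetical, and the sample requests are constructed.

```python
import re

# Negative model: allow everything except values matching known-bad signatures.
# These simplified signatures are constructed for illustration.
DENY_SIGNATURES = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"(?i)<script\b"),
    re.compile(r"(?i)\bor\b\s+1\s*=\s*1"),
]

# Positive model: allow only known endpoints with exactly the expected fields.
# Hypothetical schema for a hypothetical banking endpoint.
ALLOW_SCHEMA = {
    ("POST", "/transfer"): {
        "from_account": re.compile(r"\d{10}"),
        "to_account": re.compile(r"\d{10}"),
        "amount": re.compile(r"[1-9]\d{0,5}(?:\.\d{2})?"),  # unsigned, max 999999.99
        "currency": re.compile(r"USD|EUR|SGD"),
    },
}

def negative_model_allows(method, path, params):
    """Allow the request unless any parameter value matches a deny signature."""
    return not any(sig.search(v) for v in params.values() for sig in DENY_SIGNATURES)

def positive_model_allows(method, path, params):
    """Allow only if the endpoint is known and every field fully matches its rule."""
    schema = ALLOW_SCHEMA.get((method, path))
    if schema is None or set(params) != set(schema):
        return False
    return all(schema[name].fullmatch(value) for name, value in params.items())

BASE = {"from_account": "1234567890", "to_account": "0987654321",
        "amount": "250.00", "currency": "USD"}

# Constructed sample requests: one normal, one technical attack, two logic abuses.
SAMPLES = {
    "normal transfer": ("POST", "/transfer", dict(BASE)),
    "sql injection": ("POST", "/transfer", {**BASE, "to_account": "0987654321' OR 1=1--"}),
    "negative amount": ("POST", "/transfer", {**BASE, "amount": "-250.00"}),
    "unexpected field": ("POST", "/transfer", {**BASE, "fee_override": "0"}),
}

def evaluate(samples=SAMPLES):
    """Return {label: (negative_model_verdict, positive_model_verdict)}."""
    return {label: (negative_model_allows(*req), positive_model_allows(*req))
            for label, req in samples.items()}

if __name__ == "__main__":
    for label, (neg, pos) in evaluate().items():
        print(f"{label:18} negative_model_allows={neg!s:5} positive_model_allows={pos}")
```

The two business-logic cases carry no attack signature, so only the per-endpoint allow-list rejects them; maintaining that schema per application is the customization the answer describes.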
@John Rendy Also, if you are dependent on AWS Certificate Manager, as other WAFs require you to provide your certificates, which AWS will not export.
Hello @Venkatesh VRH, @Vinamra Singhai and @DanielSeco. Can you please help here?