As connectivity increases, the imperative for organizations to make its applications highly available, fast and secure become a critical cornerstone in achieving business objectives. At the same time, threats to web applications have increased significantly as attacks become more vicious with sophisticated technologies. Also web-based threat actors are growing by the day from pesky teenagers to state-sponsored hacking.
AWS offers Web Application Firewall (WAF) that helps protect your applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. 
AWS WAF can protect the application from three ways:

1. Filter traffic based on source IP address. You can block or allow traffic from specific source IP address.
2. Filter traffic if any SQL injection threat is found in HTTP header, query string or Uniform Resource Identifier (URI)
3. Filter traffic if any specific string match in HTTP header, query string or URI

Users can control how Amazon CloudFront responds to web requests by creating conditions, rules, and web access control lists (web ACLs).

AWS WAF Not Enough to Protect Application

However AWS WAF protection is not comprehensive to fight the increasing number of security threats on the Internet. Since it works on manually created custom rules, it is tedious to update and change rules or add new ones to counter new threats or attacks in real-time.

One of the biggest threats to web applications is DDoS attacks but AWS WAF does not provide comprehensive protection. Other WAFs are often used in protecting web applications, among which Citrix NetScaler AppFirewall is both popular and effective.

Citrix NetScaler

Citrix NetScaler AppFirewall is a web application firewall that analyses both incoming and outgoing traffic, including encrypted communication on https or ssl, and protects the application against a broad range of security threats.

  • Citrix NetScaler AppFirewall is capable to perform inspection of HTTP, HTTPS and XML packets as well as protection against OWASP top 10.
  • NetScaler AppFirewall protects the application from several security threats. Some of those are listed below
  • o SQL injection attacks
    o Cross-site scripting attacks
    o Cookie tampering, form validation and protection
    o HTTP and XML reply and request format validation
    o JSON payload inspection
    o Signature and behaviour based protections
    o Data loss prevention (DLP) support including the monitoring of traffic for intended and unintended data exposure
    o DDoS protection
    o Authentication, authorization and auditing support and reporting
    o Policy tools that provide for easier PCI-DSS compliance verification.

Citrix NetScaler AppFirewall is supported on AWS infrastructure and can be implemented easily. NetScaler Virtual appliance is available on AWS Marketplace and anyone looking for effective web application firewall can use it.

Umbrella Infocare is a premium partner of AWS and Citrix and is uniquely positioned to help customers achieve the best outcomes of website security with WAF deployment. Our experience has seen customers achieve very high level of security on AWS by using Citrix Netscaler and we recommend this to customers and prospects.