Amazon Apigateway

6.1: Development API Gateway is not integrated with the AWS Web Application Firewall(WAF)

📘 Exposing the development API Gateway without WAF integration can invite potential security threats, emphasizing the need for protective measures against malicious web traffic.

• Section: Networking
• Severity: High
• CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
• Assurance Scope: PCI, NIST
• Threat Modeling Principal: Tampering, Information Disclosure
• Rule Set: Threat Modeling - Cloud Configuration Check

6.2: Production API Gateway is not integrated with the AWS Web Application Firewall(WAF)

📘 A production environment without WAF integration for the API Gateway can be susceptible to advanced threats, highlighting the criticality of safeguarding against harmful web requests.

• Section: Networking
• Severity: High
• CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
• Assurance Scope: PCI, NIST
• Threat Modeling Principal: Tampering, Information Disclosure
• Rule Set: Threat Modeling - Cloud Configuration Check