Amazon Apigateway
š Exposing the development API Gateway without WAF integration can invite potential security threats, emphasizing the need for protective measures against malicious web traffic.
- Section: Networking
- Severity: High
- CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
š A production environment without WAF integration for the API Gateway can be susceptible to advanced threats, highlighting the criticality of safeguarding against harmful web requests.
- Section: Networking
- Severity: High
- CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Tampering, Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Updated about 1 year ago
Whatās Next