Amazon Apigateway

6.1: Development API Gateway is not integrated with the AWS Web Application Firewall(WAF)

πŸ“˜ Exposing the development API Gateway without WAF integration can invite potential security threats, emphasizing the need for protective measures against malicious web traffic.

  • Section: Networking
  • Severity: High
  • CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

6.2: Production API Gateway is not integrated with the AWS Web Application Firewall(WAF)

πŸ“˜ A production environment without WAF integration for the API Gateway can be susceptible to advanced threats, highlighting the criticality of safeguarding against harmful web requests.

  • Section: Networking
  • Severity: High
  • CWE: CWE-76 Improper Neutralization of Equivalent Special Elements
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Tampering, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

Updated 6 months ago

What’s Next