This repository documents the implementation of robust security measures for securing a REDCap web application deployed on AWS. Specifically, it covers how to mitigate Distributed Denial of Service (DDoS) attacks and protect against OWASP Top 10 web vulnerabilities using AWS Web Application Firewall (WAF) and Fortinet Managed Rules.
After deploying REDCap on AWS, I faced a significant security challenge: a DDoS attack. This project describes how AWS WAF, supplemented with Fortinet Managed Rules, was employed to enhance security, reduce malicious activity, and stabilize the application environment.
The REDCap deployment quickly became targeted by attackers, evident through:
- High HTTP 4xx error rates causing fluctuating server health.
- Frequent access attempts for sensitive or non-existent files.
- 404 errors for configuration files, indicating malicious probing.

These issues were logged through AWS Elastic Beanstalk and CloudWatch logs.
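The three indicators above are exactly what a defender looks for in the Elastic Beanstalk access logs shipped to CloudWatch. The following Python script is an added example, not part of this project, that parses Apache/nginx-style access log lines (the log format is assumed), computes a per-client 4xx ratio, and flags clients that request configuration files REDCap never serves. The sample log lines and the probe-path list are constructed for the example.

```python
import re
from collections import defaultdict

# Common/combined access log format as written by Apache or nginx (assumed format).
# The regex is anchored at the start only, so trailing referer/user-agent fields are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths a legitimate REDCap user never requests; any request for them is probing.
# Constructed list for this example, not an exhaustive or vendor-supplied one.
PROBE_PATHS = {"/.env", "/.git/config", "/config.php", "/wp-config.php",
               "/phpinfo.php", "/database.php"}

# Constructed sample log: one normal user, one scanner, one user hitting a missing asset.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /redcap/ HTTP/1.1" 200 5120
203.0.113.10 - - [10/Mar/2024:12:00:04 +0000] "POST /redcap/index.php HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /.env HTTP/1.1" 404 196
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /.git/config HTTP/1.1" 404 196
198.51.100.7 - - [10/Mar/2024:12:00:06 +0000] "GET /wp-config.php HTTP/1.1" 404 196
198.51.100.7 - - [10/Mar/2024:12:00:06 +0000] "GET /phpinfo.php HTTP/1.1" 404 196
198.51.100.7 - - [10/Mar/2024:12:00:07 +0000] "GET /redcap/ HTTP/1.1" 200 5120
192.0.2.44 - - [10/Mar/2024:12:00:08 +0000] "GET /redcap/DataEntry/index.php HTTP/1.1" 200 8800
192.0.2.44 - - [10/Mar/2024:12:00:09 +0000] "GET /redcap/missing.css HTTP/1.1" 404 196
"""


def parse_line(line):
    """Return a dict of fields for one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyse(log_text, probe_threshold=3, err_ratio=0.5, min_requests=4):
    """Aggregate per client IP and flag the two patterns the project observed:
    probing for configuration files and a high share of 4xx responses.
    min_requests keeps a single user with one missing asset from being flagged."""
    per_ip = defaultdict(lambda: {"total": 0, "4xx": 0, "probes": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than abort the run
        stats = per_ip[rec["ip"]]
        stats["total"] += 1
        if 400 <= rec["status"] < 500:
            stats["4xx"] += 1
        if rec["path"] in PROBE_PATHS:
            stats["probes"].append(rec["path"])

    findings = {}
    for ip, s in per_ip.items():
        ratio = s["4xx"] / s["total"]
        reasons = []
        if len(s["probes"]) >= probe_threshold:
            reasons.append("config-file probing")
        if s["total"] >= min_requests and ratio >= err_ratio:
            reasons.append("high 4xx ratio")
        if reasons:
            findings[ip] = {"total": s["total"], "4xx": s["4xx"],
                            "ratio": round(ratio, 2), "probes": s["probes"],
                            "reasons": reasons}
    return findings


if __name__ == "__main__":
    for ip, info in analyse(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed sample only 198.51.100.7 is flagged, for both reasons; the findings map is the kind of evidence that justifies adding a rate-based or IP-based rule to the Web ACL rather than tuning the application.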
AWS WAF served as the primary defense, inspecting traffic through a Web Access Control List (Web ACL) attached to the CloudFront distribution in front of REDCap. Its rules:
- Blocked SQL injection (SQLi) and cross-site scripting (XSS) attempts.
- Controlled unauthorized access attempts.

Fortinet Managed Rules complemented the Web ACL with:
- Preconfigured rules targeting the OWASP Top 10 vulnerabilities.
- Coverage for SQL injection, XSS, and broken access control.
Recommendation: Subscribe to managed rules through AWS Marketplace to streamline security maintenance.
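As an added example (not the project's own configuration), the Python script below assembles the WAFv2 Web ACL described above in the JSON shape accepted by `aws wafv2 create-web-acl --cli-input-json`, and checks the invariants WAFv2 rejects server-side before the API call is made. It assumes the AWS managed rule groups AWSManagedRulesCommonRuleSet and AWSManagedRulesSQLiRuleSet, a Fortinet Marketplace rule group whose exact name comes from the subscription page (a placeholder here), and a per-IP rate limit of 2000 requests per evaluation window; the rule names, metric names and limit value are assumptions.

```python
import json


def _visibility(metric_name):
    # Every rule and the Web ACL itself must carry a VisibilityConfig so that
    # CloudWatch metrics and sampled requests feed the WAF dashboards.
    return {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": metric_name,
    }


def managed_rule(name, priority, vendor, group, metric_name):
    """Rule that delegates to a managed rule group. OverrideAction None keeps
    the group's own per-rule block/count actions instead of overriding them."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": vendor, "Name": group}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": _visibility(metric_name),
    }


def rate_limit_rule(name, priority, limit, metric_name):
    """Rate-based rule: blocks a source IP that exceeds `limit` requests in the
    evaluation window (5 minutes by default), which blunts application-layer floods."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility(metric_name),
    }


def build_web_acl(name, fortinet_group_name, rate_limit=2000):
    """Web ACL for a CloudFront distribution. Scope CLOUDFRONT means the create
    call must be issued against the us-east-1 endpoint. Lower priority runs first."""
    rules = [
        rate_limit_rule("per-ip-rate-limit", 0, rate_limit, "PerIpRateLimit"),
        managed_rule("aws-common", 1, "AWS", "AWSManagedRulesCommonRuleSet", "AwsCommon"),
        managed_rule("aws-sqli", 2, "AWS", "AWSManagedRulesSQLiRuleSet", "AwsSqli"),
        # Marketplace rule group; the group name is taken from the subscription
        # page and is a placeholder in this example (assumption).
        managed_rule("fortinet-owasp-top10", 3, "Fortinet", fortinet_group_name, "FortinetOwasp"),
    ]
    return {
        "Name": name,
        "Scope": "CLOUDFRONT",
        "DefaultAction": {"Allow": {}},
        "Rules": rules,
        "VisibilityConfig": _visibility(name.replace("-", "")),
    }


def validate_web_acl(acl):
    """Checks the invariants WAFv2 enforces: unique priorities, and exactly one of
    Action (plain rules) or OverrideAction (rules that reference a rule group)."""
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(priorities) != len(set(priorities)):
        raise ValueError("rule priorities must be unique")
    for rule in acl["Rules"]:
        stmt = rule["Statement"]
        is_group = "ManagedRuleGroupStatement" in stmt or "RuleGroupReferenceStatement" in stmt
        has_action, has_override = "Action" in rule, "OverrideAction" in rule
        if has_action == has_override:
            raise ValueError(f"{rule['Name']}: exactly one of Action/OverrideAction is required")
        if is_group != has_override:
            raise ValueError(f"{rule['Name']}: rule-group rules use OverrideAction, others use Action")
    return True


def to_cli_input_json(acl):
    """Serialises the definition for `aws wafv2 create-web-acl --cli-input-json file://acl.json`."""
    return json.dumps(acl, indent=2)


if __name__ == "__main__":
    acl = build_web_acl("redcap-web-acl", "FORTINET_GROUP_NAME_PLACEHOLDER")
    validate_web_acl(acl)
    print(to_cli_input_json(acl))
```

The rate-based rule is placed first so volumetric sources are dropped before the more expensive managed rule groups inspect the request body; the Fortinet group only evaluates once the account holds an active Marketplace subscription for it.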
Additional AWS services and practices supported the WAF:
- AWS Shield: Mitigated volumetric DDoS traffic.
- AWS GuardDuty: Monitored for suspicious activity in real time.
- IAM Best Practices: Enforced least-privilege access policies.
Encryption was enforced at multiple levels:
- In Transit: HTTPS enforced.
- At Rest: Amazon S3 server-side encryption.
AWS WAF, positioned between users and REDCap, acted as the primary security gatekeeper. Traffic passing through WAF was vetted, malicious requests were blocked, and legitimate requests were allowed through, which stabilized and secured the REDCap environment.
Since implementation:
- Improved Security: Reduction in SQLi, XSS, and unauthorized access attempts.
- Stabilized Environment: Reduced HTTP 4xx errors and increased application stability.
- Cost Efficiency: Optimized rule management to balance security and operational costs.
AWS WAF and Shield dashboards (screenshots) showing the effectiveness of the implemented security measures.
Integrating AWS WAF with Fortinet Managed Rules substantially improved the security posture of the REDCap deployment, effectively mitigating DDoS attacks and OWASP Top 10 vulnerabilities.

