Skip to main content

Application Load Balancer Is Not Protected By WAF

Overview

An Application Load Balancer (ALB) is responsible for distributing incoming web traffic across multiple targets, such as EC2 instances, to ensure optimal performance. This check verifies if the ALB is protected by AWS Web Application Firewall (WAF), a crucial security measure that helps safeguard your applications against common web exploits.

Without WAF protection, your applications could be vulnerable to threats such as SQL injection or cross-site scripting attacks. Ensuring your ALB is protected by WAF enhances security, compliance, and resilience against potential malicious activities.

Vendor

AWS

Cloud Service

ELBv2

CSMM v1 APP-03.3, ELB.16

Severity

3

Item Types

AWS::ElasticLoadBalancingV2::LoadBalancer