1. Home
  2. Web Application Firewalls
  3. AWS WAF Reviews
  4. User Review of AWS WAF
Best Security Tool for Your Web Applications
November 26, 2020

Best Security Tool for Your Web Applications

Saim Jamali | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with AWS WAF

AWS WAF is basically implemented to secure the web applications. I have a positive experience using the AWS Web Application Firewall (WAF). It has many features to protect our applications and solutions. The good thing about AWS WAF is it has the most friendly APIs for developers to create firewall rules for the web application. That makes our applications secure.
  • AWS WAF has the most developer-friendly API to create firewall rules.
  • AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
  • AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is the great feature and helped me a lot.
  • It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).
  • Need to enhance OWASP standards.
  • We are limited to five rate-based rules per AWS account.
  • It is a little expensive but helpful in many ways to secure applications.
  • Instant ability to update and change the WAF--easy to update and deploy changes and then review. Brilliant integration with other AWS services.
  • It is easy to deploy.
There are a number of reasons to select AWS WAF. Most importantly, it easy to deploy. It helps programmers to protect against a wide range of vulnerabilities like injection attacks, DDoS, and many others from OWASP top 10. It allows us to set up rules and blocks any threats based on the configured rules. Based on the pattern of attacks, it is always easy to add another rule.
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities.
The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
Very comprehensive support is available. The user community also available to help with AWS WAF. The vendor that helped us purchase this service was very cooperative and helped us at every point, especially at the time of deployment. Since then, we take lot of help from its different communities. The user support is an other key reason to select AWS WAF.

Do you think AWS WAF delivers good value for the price?

Yes

Are you happy with AWS WAF's feature set?

Yes

Did AWS WAF live up to sales and marketing promises?

Yes

Did implementation of AWS WAF go as expected?

Yes

Would you buy AWS WAF again?

Yes

AWS WAF is perhaps one of the best web application firewalls out there to date. Thankfully we have had no issues and we have been commended for using reputable vendors like AWS for security and privacy matters as part of our GDPR and ISO certifications. I would suggest that prospective customers use the CloudFormation templates provided by Amazon for creating the WAF.