Analysis and development of a monitoring system for WAFs using AWS and ELK Stack

In the last two decades, websites and web applications have played an essential role in modern society since they allow information sharing, provide a service for business purposes, and connect with multiple people globally. Unfortunately, legitimate users are not the only source of traffic. Also, attackers and malicious bots can contribute a relevant share. For this reason, a web application needs to rely on a scalable, resilient, and fast infrastructure that provides security from cyberattacks. Companies could design their solution to resolve this security issue, but due to the complexity, cost, and effort that these architectures' implementation requires, often it is not the best choice. Instead, it is possible to rely on services offered by another company that will take the responsibility to provide the security needed by their websites and web applications. A web application firewall (WAF) is a cybersecurity solution that aims to analyze HTTP traffic to detect and filter malicious requests received by web applications. Since the WAF acts as a reverse proxy, users must pass through it to reach the web applications behind it. In this case, a WAF's malfunction can propagate to the protected services and cause downtime. The thesis aims to analyze and develop a monitoring system that could verify the accessibility of the customers' web applications, their configuration, and the overall health status of a WAF infrastructure that relies on services offered by Amazon Web Services (AWS) and Elastic Cloud. The solution would include periodic reports and alerting functionalities that can notify in case of malfunctions of varying severity. The goal is to improve the WAF's reliability through effective monitoring and timely response to issues to provide a step forward in the quality of service and the protection provided to the customer.