Hello guys, I don't know if I sound lame, but I need your help and guidance to protect my infra. Basically we hosted a mobile application on the AWS platform and are using the Cloudflare firewall as protection. The question is how I can protect my mobile application and which rules I need to configure. If an end user passes wrong input/injection, how will the CF WAF protect my mobile application server hosted on AWS?
Since you’re talking about a client application making requests to your server over HTTP, you just need to have your server software (the application backend itself) validate the input. Make sure emails are formatted as emails, usernames as alpha-numeric text (US alphabet only, unless your DB software and application code can handle non-ascii characters), etc. Modern frameworks usually do this for you, but better safe than sorry to check.
Also don't count on your clients being trustworthy. All applications, even those only on mobile, can be analyzed to learn how your API works and then exploited by both good-willed actors (seeing if anything is insecure for the purpose of letting you know of any security flaws) and malicious actors (looking for vulnerabilities in order to exfiltrate data or bring down the server). So make sure your application is checking and sanitizing inputs before saving them to the database or saving.
The Cloudflare WAF firewall does help with protecting from common attack vectors in frameworks and application code, but it shouldn’t be your only line of defense. Protection at all layers of the connection will make your application resilient.
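Server-side validation of the kind the answer describes, as an added example that is not the answerer's code: a constructed check for a signup request body using the email and username rules given above (the JSON shape, field names and length limits are assumptions).

```python
import re
import json

# Constructed rules mirroring the advice above: emails must look like emails,
# usernames are US-alphabet alphanumerics only. Limits are assumptions, not from the post.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
USERNAME_RE = re.compile(r"^[A-Za-z0-9]{3,32}$")
MAX_BODY_BYTES = 4096


def validate_signup(raw_body: bytes) -> tuple[dict, list[str]]:
    """Validate a signup body in the backend, independent of any WAF in front of it.

    Returns (clean_fields, errors). Empty errors means the request may proceed;
    clean_fields holds only values that passed, so later code never sees raw input.
    """
    if len(raw_body) > MAX_BODY_BYTES:
        return {}, ["body too large"]
    try:
        data = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return {}, ["body is not valid UTF-8 JSON"]
    if not isinstance(data, dict):
        return {}, ["body must be a JSON object"]

    errors: list[str] = []
    clean: dict = {}

    email = data.get("email")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        errors.append("email: invalid format")
    else:
        clean["email"] = email.lower()

    username = data.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        errors.append("username: 3-32 US-alphabet letters or digits only")
    else:
        clean["username"] = username

    # Reject unexpected keys instead of silently passing them on to the DB layer.
    extra = set(data) - {"email", "username"}
    if extra:
        errors.append("unexpected fields: " + ", ".join(sorted(extra)))
    return clean, errors
```

Persist only the returned clean fields, and still use parameterized queries for the database write; allow-list validation narrows the input, it does not replace safe query construction.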