AWS WAF analysis: How it works and how to attack it

Introduction

AWS has been gaining traction in recent years as an all-in-one solution for cloud solutions. Their strength is that you only pay for what you run and that you can scale really quickly in case of a spike in traffic. Recently, for example, lambdas are taking over but this is not without risk. A lambda can be spun up quickly to catch any traffic spikes. The problem is that this is new technology and it is often misconfigured which allows attackers to run a companies bill sky-high.