
Securing a leading SaaS web application with AWS WAF Managed Rules

Discover how Adaptavist helped a leading SaaS provider implement AWS WAF to protect their public-facing application from sophisticated threats whilst maintaining optimal performance.

Requirements at a glance

  • Enhanced protection against application-layer attacks and abusive traffic
  • Protection for admin paths and sensitive application inputs
  • Minimised false positives whilst maintaining high availability
  • Cost-effective security solution for 10,000 requests per hour
  • Automated security management with minimal operational overhead
Industry: Software-as-a-Service provider
Solution: AWS WAF with Managed Rules
Result: 100% threat blocking achievement
Key metric: Zero successful attacks

Summary

A UK-based SaaS provider processing approximately 10,000 requests per hour needed robust protection against increasingly sophisticated web application attacks. We worked with them to implement AWS WAF v2 with carefully selected Managed Rule groups, achieving complete threat protection within one month.
Our solution leveraged AWS's expert-maintained security intelligence while seamlessly integrating with existing DevOps practices. Through strategic rule deployment and continuous monitoring, our experts transformed the organisation's security posture while reducing operational complexity and costs.

The challenge

The organisation's public-facing application faced mounting security pressures that traditional network defences couldn't address effectively.
  • Sophisticated application attacks: Growing threat landscape targeting web application vulnerabilities
  • Administrative interface exposure: Critical admin paths required protection without impacting legitimate access
  • Attack volume management: High request volume (10,000/hour) created substantial attack surface
  • False positive balance: Need to block threats whilst maintaining seamless user experience
The security solution needed to address broader business concerns beyond technical protection. Customer trust remained paramount, with any security incident potentially damaging reputation and client relationships.
Regulatory compliance across multiple jurisdictions demanded robust security controls with comprehensive audit trails. The solution also needed to support business continuity, ensuring uninterrupted service delivery to thousands of users worldwide.

The solution

Our team implemented AWS WAF v2 as the foundation for a comprehensive web application security strategy, deployed on an internet-facing Application Load Balancer.
Core architecture components
The implementation utilised five key AWS Managed Rule groups, each addressing specific threat categories:
  • Admin protection rules: Secured administrative interfaces and sensitive application paths
  • Common rule set: Comprehensive OWASP Top 10 vulnerability coverage
  • IP reputation intelligence: Leveraged AWS's global threat data for known malicious sources
  • Known bad inputs protection: Blocked recognised malicious input patterns
  • SQL injection defence: Advanced protection against database injection attacks
Strategic implementation approach
Adaptavist delivered the deployment following a three-phase methodology designed to minimise risk whilst maximising security effectiveness.
Phase 1 - Sandbox validation: Initial rules deployed in count mode, establishing baseline threat patterns without production impact. This approach enabled comprehensive testing and false positive identification before affecting live traffic.
Phase 2 - Tuning and optimisation: Based on count mode data, rules underwent granular customisation aligned with application behaviour. Scoped exclusions protected legitimate traffic patterns whilst maintaining threat detection capabilities.
Phase 3 - Production deployment: Controlled transition from count to block mode, with real-time monitoring and immediate response capabilities fully operational.
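The three phases above, sketched as the rule list of an AWS WAF v2 web ACL. This is an added example, not the configuration used in this project: the group names are the AWS identifiers for the five categories listed, while the priority order, the `build_rules` helper and the rule left in count mode (`SizeRestrictions_BODY`) are assumptions for illustration.

```python
import json

# AWS names for the five managed rule groups listed above. The evaluation
# order is an assumption; the page does not state priorities.
GROUPS = [
    "AWSManagedRulesAmazonIpReputationList",
    "AWSManagedRulesKnownBadInputsRuleSet",
    "AWSManagedRulesAdminProtectionRuleSet",
    "AWSManagedRulesSQLiRuleSet",
    "AWSManagedRulesCommonRuleSet",
]

def build_rules(blocking=(), count_overrides=None):
    """Rules list for a web ACL: groups in `blocking` enforce, the rest only count."""
    count_overrides = count_overrides or {}
    unknown = (set(blocking) | set(count_overrides)) - set(GROUPS)
    if unknown:
        raise ValueError(f"unknown rule group(s): {sorted(unknown)}")
    rules = []
    for priority, name in enumerate(GROUPS):
        stmt = {"VendorName": "AWS", "Name": name}
        enforced = name in blocking
        if enforced and name in count_overrides:
            # Phase 2 tuning: keep individual noisy rules in count while
            # the rest of the group blocks.
            stmt["RuleActionOverrides"] = [
                {"Name": r, "ActionToUse": {"Count": {}}}
                for r in count_overrides[name]
            ]
        rules.append({
            "Name": name,
            "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": stmt},
            # Count: matches are only recorded. None: the group's own actions apply.
            "OverrideAction": {"None": {}} if enforced else {"Count": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": name},
        })
    return rules

# Phase 1: every group in count mode, nothing is blocked.
PHASE1 = build_rules()
# Phase 3: every group enforced, one tuned rule still counting (constructed).
PHASE3 = build_rules(GROUPS, {"AWSManagedRulesCommonRuleSet": ["SizeRestrictions_BODY"]})

if __name__ == "__main__":
    print(json.dumps(PHASE3, indent=2))
```

Calling `build_rules(GROUPS[:2])` gives an intermediate state in which only the IP reputation and known bad inputs groups block while the other three keep counting.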
DevSecOps integration
Security automation became central to the solution's long-term success. WAF configuration was embedded within infrastructure-as-code practices, enabling version control and automated deployment alongside application releases.
Automated playbooks handled dynamic threat response, whilst continuous monitoring through CloudWatch provided real-time visibility into security events and performance metrics.

The result and business impact

Our AWS WAF implementation delivered measurable security improvements alongside operational efficiencies that exceeded initial expectations.
Security performance
  • 100% threat blocking rate achieved within first month of deployment
  • Zero successful attacks recorded against protected application
  • Comprehensive coverage of application-layer attack vectors
  • Minimal false positives maintaining optimal user experience
Operational excellence
The managed rule approach significantly reduced security administration overhead. AWS security experts maintained rule updates automatically, eliminating manual intervention for emerging threats.
CloudWatch integration provided comprehensive visibility into traffic patterns and threat activity, enabling proactive security posture management.
Business value realisation
Cost optimisation: Eliminated need for third-party security appliances, reducing both licensing costs and infrastructure complexity. Monthly security spend became predictable and scaled with usage.
Enhanced availability: Prevention of successful attacks improved overall application availability, directly supporting customer satisfaction and business continuity objectives.
Compliance support: Comprehensive logging and monitoring capabilities strengthened regulatory compliance posture, with detailed audit trails supporting governance requirements.

Key learnings and best practices

Implementation strategy

Count mode deployment proved essential for production readiness. Sandbox validation identified application-specific patterns that required tuning, preventing disruption to legitimate users.
Rule prioritisation delivered immediate value, with IP reputation and known bad input rules providing early threat reduction whilst common rule sets underwent application-specific customisation.

Operational integration

WAF configuration review alongside application releases ensured security controls evolved with application functionality. Version control and change management maintained consistency across environments.
Developer training enhanced overall security awareness, creating shared responsibility for application security across development and operations teams.

Monitoring excellence

CloudWatch alerts enabled proactive threat response, with automated escalation for high-severity events. Regular review cycles improved rule effectiveness through iterative tuning based on real-world traffic patterns.
Comprehensive logging to S3 supported forensic analysis and trend identification, enabling continuous security posture improvement.

Looking forward

This implementation demonstrated the effectiveness of cloud-native security solutions in protecting modern SaaS applications. The combination of AWS expertise through managed services with Adaptavist's strategic implementation delivered measurable security improvements while reducing operational complexity.
The project's success highlights several critical success factors for similar implementations. Leveraging cloud provider security expertise through managed services reduces administrative overhead whilst maintaining cutting-edge threat protection.
Security-as-code principles ensure consistent, auditable security controls that evolve with application development. Continuous monitoring and improvement cycles maintain security effectiveness against evolving threat landscapes.
Future enhancements for the organisation will focus on machine learning integration for advanced threat detection and automated response capabilities, further reducing manual intervention whilst enhancing protection sophistication.

AWS WAF Delivery Partner - proven security expertise

Adaptavist's status as an AWS WAF Delivery Partner demonstrates our proven capabilities in deploying robust security measures that protect your web applications from common threats. Leveraging extensive cloud expertise and certified professionals, we deliver end-to-end AWS solutions spanning migration, modernisation, management, and support—all designed to enhance your infrastructure while meeting your unique business requirements.

Do you have a SaaS application that needs robust protection against evolving threats?

Contact Adaptavist today to discuss how we can help.