Vendor services misconfigurations

API Gateway is not using AWS WAF

Risk Level

Informational (4)

Platform(s)

Description

API Gateway {AwsApiGatewayEndpoint} is not using Web Application Firewall (WAF). WAF helps protect APIs from common web exploits
  • Recommended Mitigation

    We recommend to associate API Gateway stages with WAF Web ACL to protect APIs