
I have used API Gateway to build the business logic for my app, which invokes a Lambda function. For security assurance, I have had a VAT report generated for the base URL of the API by my cyber security expert. A total of 9 vulnerabilities have been detected, including four medium-level, three low-level, and two informational-level vulnerabilities:

  1. (CSP) Wild Card Directive
  2. Content Security Policy (CSP) Header Not Set
  3. Cross-Domain Misconfiguration
  4. Missing Anti-clickjacking Header
  5. Server Leaks Information via “X-Powered-By” HTTP Response Header Field(s)
  6. Timestamp Disclosure – Unix
  7. X-Content-Type-Options Header Missing
  8. Charset Mismatch
  9. Re-examine Cache Directives

How can I remove all of these vulnerabilities? Is there a need to set or define custom headers? (If yes, then where and how can I do that: in the API Gateway console, in the Lambda script, or in my client/app-side code where this API Gateway base URL is invoked?)

1 Answer

One solution would be to integrate with AWS WAF to protect your APIs against common web exploits.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html

Regarding custom headers: https://aws.amazon.com/premiumsupport/knowledge-center/custom-headers-api-gateway-lambda/

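Most of the listed findings are response-header problems, and AWS WAF only filters incoming requests; it does not add headers to responses. With a Lambda proxy integration the headers come from the `headers` map the function returns, so that is where they belong (with a non-proxy integration they are declared on the Method Response and mapped in the Integration Response instead). The following is an added example and not code from the question, the answer or AWS: a Python Lambda handler that returns a header set addressing findings 1 to 4 and 7 to 9, plus an `audit_headers` function that re-checks a response against the same finding names so the fix can be verified offline. `SAMPLE_EVENT` and `ALLOWED_ORIGINS` are constructed for the example; the charset check is a simplification (it treats a missing charset declaration as the mismatch finding). "Timestamp Disclosure - Unix" is a body finding, typically raised on any number that parses as an epoch time, and "X-Powered-By" is only present if something producing the response adds it, so neither is fixed by this header set; the audit flags X-Powered-By so it is not missed.

```python
import json
import re

# Constructed sample request, shaped like an API Gateway REST proxy event (only the
# fields this handler reads; a real event carries many more).
SAMPLE_EVENT = {
    "httpMethod": "GET",
    "path": "/hello",
    "headers": {"Origin": "https://app.example.com"},
}

# Hypothetical allow-list of front-end origins; a real deployment would load it
# from configuration rather than hard-code it.
ALLOWED_ORIGINS = {"https://app.example.com"}


def security_headers(origin=None):
    """Response headers that address the header-related scanner findings.

    Returned as a plain dict so the Lambda proxy integration passes them through.
    """
    headers = {
        # Findings 1 and 2: an explicit CSP with no wildcard source. A JSON API
        # serves no scripts, frames or embedded content, so 'none' is correct.
        "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
        # Finding 4: legacy anti-clickjacking header for clients without frame-ancestors.
        "X-Frame-Options": "DENY",
        # Finding 7: stop browsers from sniffing the body into another content type.
        "X-Content-Type-Options": "nosniff",
        # Finding 8: declare the charset the body is actually encoded in.
        "Content-Type": "application/json; charset=utf-8",
        # Finding 9: responses from an authenticated API should not be cached.
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
    }
    # Finding 3: echo only an allow-listed Origin instead of answering "*".
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Vary"] = "Origin"
    return headers


def handler(event, context=None):
    """Lambda proxy handler: the body is the business logic, the headers are the fix."""
    origin = (event.get("headers") or {}).get("Origin")
    body = {"message": "hello", "path": event.get("path")}
    return {
        "statusCode": 200,
        "headers": security_headers(origin),
        "body": json.dumps(body),
    }


def audit_headers(headers):
    """Re-check a response header dict against the finding names from the report.

    Returns the findings that still apply; an empty list means the headers are clean.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content Security Policy (CSP) Header Not Set")
    elif re.search(r"(^|\s)\*(\s|;|$)", csp):  # a bare "*" source in any directive
        findings.append("(CSP) Wild Card Directive")
    if h.get("access-control-allow-origin") == "*":
        findings.append("Cross-Domain Misconfiguration")
    if "x-frame-options" not in h and (csp is None or "frame-ancestors" not in csp):
        findings.append("Missing Anti-clickjacking Header")
    if "x-powered-by" in h:
        findings.append('Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)')
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options Header Missing")
    if "charset=" not in h.get("content-type", "").lower():
        findings.append("Charset Mismatch")  # simplified: no charset declared at all
    if "no-store" not in h.get("cache-control", "").lower():
        findings.append("Re-examine Cache Directives")
    return findings


if __name__ == "__main__":
    response = handler(SAMPLE_EVENT)
    print(json.dumps(response["headers"], indent=2))
    print("remaining findings:", audit_headers(response["headers"]))
```

The allow-listed origin is the part most often got wrong: a `*` in `Access-Control-Allow-Origin` is exactly what the scanner reports as a cross-domain misconfiguration, and it is also the default that the API Gateway console's "Enable CORS" action writes, so check the method's CORS settings as well as the function's own headers. The client-side code that calls the base URL cannot fix any of these findings; they are all properties of the response.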
