Knowledge Base

Web Application Firewall (WAF)

To better protect your Bynder portal and to ensure a safer user experience for your users we have implemented Amazon's Web Application Firewall (WAF) into Bynder. Find out below how we keep your portal safe.

What is Amazon's Web Application Firewall

The Web Application Firewall implemented by Bynder is facilitated by Amazon and analyzes all the incoming traffic on our servers in real-time to protect you against common attacks, such as SQL injections, DDoS attacks and Cross-Site Scripting (XSS) that may compromise the security and affect the availability of our systems.

Find the top 10 security risks below that the AWS WAF, among other things, protects against:

  1. Injections

  2. Broken Authentication

  3. Sensitive Data Exposure

  4. XML External Entities (XXE)

  5. Broken Access Control

  6. Security Misconfiguration

  7. Cross-Site Scripting XSS

  8. Insecure Deserialization

  9. Using Components with Known Vulnerabilities

  10. Insufficient Logging & Monitoring

This list has been put together by the Open Web Application Security Project. Read more about it here.

At the same time, the WAF blocks excessive use of our resources by applying a rate limiting on the API, so that we can ensure seamless API performance for all our customers.

Read more about Amazon's Web Application Firewall here.

API Rate Limiting

API rate limiting is a common practice to offer and guarantee the same level of performance and service to our customers. The rate limiting ensures that our API resources are not consumed excessively, so that that you can utilize our API seamlessly.

We allow a number of 4500 requests in any five-minute time frame from a single IP address. When you have reached the maximum number of allowed requests the exceeding requests will be blocked. When a request is rejected you will receive the 403 (Forbidden, Request blocked) error returned via the API. If five minutes pass with no requests coming from your IP address the Web Application Firewall will lift the block and you will be able to send API requests again.

How to enable the Web Application Firewall

The WAF is enabled for clients who are on our CDN. No additional configuration is required. Are you not on our CDN yet? Contact your Customer Success Manager for more information.

Learn more