Bloon

Strengthening Security for Fintech App Bloon with AWS CloudFront

Contact us

Fintech

Industry

5 Experts

Team size

240 Days

Timeline

Bloon

Fintech

Industry

5 Experts

Team size

240 Days

Timeline

About Bloon

Bloon, a prominent fintech application, recognized the critical need to fortify its security measures to safeguard sensitive financial data and ensure uninterrupted service delivery. With AWS CloudFront, Bloon aimed to leverage advanced security features to mitigate potential threats and enhance its security posture and ensure uninterrupted service delivery.

Bloon, a prominent fintech application, recognized the critical need to fortify its security measures to safeguard sensitive financial data and ensure uninterrupted service delivery. With AWS CloudFront, Bloon aimed to leverage advanced security features to mitigate potential threats and enhance its security posture and ensure uninterrupted service delivery.

Tech Stack

Challenges

Bloon faced several security challenges:

  • 01. Protection of Sensitive Data
    Ensuring that financial data remains secure and inaccessible to unauthorized entities.
  • 02. Threat Mitigation
    Implementing measures to mitigate common threats like DDoS attacks, SQL injection, and cross-site scripting (XSS).
  • 03. Regulatory Compliance
    Adhering to industry regulations such as PCI DSS to maintain trust and credibility among users.
  • 04. Continuous Monitoring
    Establishing a system for real-time monitoring and logging to promptly detect and respond to security incidents.

Solutions

Bloon implemented a comprehensive security strategy using AWS CloudFront:

  • 01. Implementation of Origin Security Features

    1.1 Origin Access Identity (OAI) for S3
    • Bloon configured an Origin Access Identity (OAI) and associated it with the CloudFront distribution to restrict direct access to the S3 bucket containing static content.
    • A bucket policy was implemented to allow access only to requests originating from CloudFront, enforced through the OAI.
    1.2 Security Groups and NACLs for EC2
    • Security groups were configured for EC2 instances hosting dynamic content, permitting inbound traffic solely from CloudFront IP ranges and blocking direct access.
    • Network ACLs were utilized at the subnet level to impose additional security controls and restrict unauthorized access.

      1.3 Custom Headers for Origin Validation
    • CloudFront was configured to include a custom header (X-Origin-Auth) with each request to the origin.
    • Bloon's application server validates the presence and value of the X-Origin-Auth header to ensure requests originate from CloudFront, enhancing origin validation.
  • 02. Implementation of Application Firewalls @Edge using AWS WAF

    2.1. AWS WAF Configuration
    • Bloon created a Web Application Firewall (WAF) ACL and associated it with CloudFront to filter incoming requests.
    • AWS Managed Rules were enabled to protect against common threats such as SQL injection and XSS, providing immediate security against known vulnerabilities.
    2.2 Custom Rules
    • Custom rules were established to implement rate limiting, restricting the number of requests from a single IP address to mitigate DDoS attacks.
    • Geo-blocking was employed to block requests from specific countries known for malicious activity, reducing the risk of potential attacks.
    2.3. Logging and Monitoring
    • Bloon enabled logging for the Web ACL, directing logs to an S3 bucket for analysis and auditing.
    • CloudWatch alarms were configured using WAF metrics to alert administrators of anomalous activity, such as spikes in blocked requests, facilitating prompt response to potential threats.

Results

The implementation of AWS CloudFront’s advanced security features yielded significant outcomes for Bloon:

Bloon enhanced data security by effectively protecting sensitive financial data from unauthorized access and potential breaches. It successfully mitigated common threats like DDoS attacks, SQL injection, and XSS, ensuring service integrity and availability.

By achieving compliance with PCI DSS, Bloon fostered trust and credibility among users and regulatory bodies, and established a proactive security posture with real-time monitoring and response capabilities.

Get PDF

10X

Protection against DDoS attacks. Mitigate DDoS attacks by distributing traffic across multiple edge locations.

50%

Reduction in latency. Faster load times and reduced latency enhanced user satisfaction.

60%

60% reduction in bandwidth costs. Efficient caching reduced the load on origin servers, leading to lower operational costs.

99.99%

Improved Uptime to 99.99%. With over 300 edge locations globally, it ensures low latency and high availability.

Results

10X

Protection against DDoS attacks. Mitigate DDoS attacks by distributing traffic across multiple edge locations.

50%

Reduction in latency. Faster load times and reduced latency enhanced user satisfaction.

60%

60% reduction in bandwidth costs. Efficient caching reduced the load on origin servers, leading to lower operational costs.

99.99%

Improved Uptime to 99.99%. With over 300 edge locations globally, it ensures low latency and high availability.

By achieving compliance with PCI DSS, Bloon fostered trust and credibility among users and regulatory bodies, and established a proactive security posture with real-time monitoring and response capabilities.

Get PDF

India

SDF L-1, NSEZ,
Sector 81, Block L, Phase-2,
Noida, Uttar Pradesh-201305

USA

OnGraph Technologies,
120 Bethpage Rd, Suite 304,
Hicksville, NY 11801, USA

Canada

7-1039 CEDARGLEN GATE,
Mississauga, Ontario,
Canada L5C 3A7

UK

89 Banstead Road South,
Sutton, Surrey, SM2 5LH
United Kingdom

Malaysia

G-3A, Amaya Maluri, Jalan
Jejaka 2, Taman Maluri,
KL–55100, Malaysia

Singapore

10 Anson Road,#26-04
International Plaza,
Singapore (079903)

Let's Talk