Protecting Budgetao Web Services on Amazon AWS

State of business prior to engagement
Before moving to AWS, SeekingAlpha was operating in a private colocation-based environment while using multiple database technologies such as MySQL and PostgreSQL.

Problem statement
As Budgetao is a "hot" target for attackers, they needed an easily deployed solution that protects against common attacks, analyzes web logs, identifies malicious requests, and automatically updates security rules.

Technical solution
AWS provides and supports preconfigured AWS CloudFormation templates that address such requirements with AWS WAF. The template used for this use case includes a set of AWS WAF rules, customized to best fit Budgetao's needs and designed to block common web-based attacks. The rules help protect against bad bots, SQL injection, cross-site scripting (XSS), HTTP floods, and attacks from known attackers.

Budgetao uses EC2 instances to run their website content and S3 buckets to store all access logs, behind a CloudFront distribution that provides low latency and caching for their global customers. All logs are parsed using AWS Lambda functions, and Amazon API Gateway supports an additional AWS Lambda function that "catches" bad bots. Rules are automatically updated from public reputation lists by other scheduled AWS Lambda functions.
Reference: http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html
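The log-parsing step described above, as an added example (not code from the AWS solution or from Budgetao): it reads CloudFront-style access log text, buckets requests per client IP per minute, and reports IPs that exceed a request or 4xx-error threshold. The thresholds, the shortened field list and the sample log are constructed assumptions; pushing the result into a WAF IP set is left out.

```python
from collections import Counter

# Constructed sample: CloudFront standard logs are tab-separated with a
# "#Fields:" header; real logs carry more fields than this shortened list.
HEADER = ("#Version: 1.0\n#Fields: date time x-edge-location sc-bytes c-ip "
          "cs-method cs(Host) cs-uri-stem sc-status\n")

def _line(sec, ip, path, status):
    return "\t".join(["2024-01-01", f"10:00:{sec:02d}", "FRA2", "512", ip,
                      "GET", "example.cloudfront.net", path, status])

SAMPLE_LOG = HEADER + "\n".join(
    [_line(s, "192.0.2.10", "/", "200") for s in range(6)]               # burst
    + [_line(s, "198.51.100.7", f"/admin{s}", "404") for s in range(3)]  # probing
    + [_line(30, "203.0.113.5", "/pricing", "200")]                      # normal
)

def parse_cloudfront_log(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def find_offenders(text, max_requests=4, max_errors=2):
    """Return {ip: sorted reasons} for IPs over either per-minute threshold.

    Thresholds are illustrative assumptions, not values from the page.
    """
    requests, errors = Counter(), Counter()
    for rec in parse_cloudfront_log(text):
        key = (rec["c-ip"], rec["date"], rec["time"][:5])  # per-minute bucket
        requests[key] += 1
        if rec["sc-status"].startswith("4"):
            errors[key] += 1
    offenders = {}
    for counter, limit, reason in ((requests, max_requests, "flood"),
                                   (errors, max_errors, "scanner")):
        for (ip, _date, _minute), count in counter.items():
            if count > limit:
                offenders.setdefault(ip, set()).add(reason)
    return {ip: sorted(reasons) for ip, reasons in offenders.items()}
```
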

The website migration and the implementation of all components protecting the web service were completed on the same day.
AWS Route 53 enabled the customer to complete all testing and then route new connections to the new Budgetao website within minutes and without problems.

Budgetao SaaS streamlines budget planning with features such as real-time collaboration, instant insights, and tools for budget modeling. Users can communicate with teams and co-edit budgets in real time to stay abreast of the latest updates, track the approval status of budget lines, and discuss budgets with co-workers. Users can also get a clear view of budget plans and execution with the budget dashboard.