hands-on lab

Preventing Code Injection Vulnerability using Azure WAF on Application Gateway

Up to 1h
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.
Lab description

Azure WAF Policies are pre-configured groups of rules that can be applied to an application to protect it from common exploits and vulnerabilities. WAF Policies can be applied to an Application Gateway or an Azure Front Door to protect web applications from malicious attacks.

Organizations can also create custom WAF Policies to protect against specific threats. Custom WAF Policies can be created using the Azure Portal, Azure CLI, or Azure PowerShell. Custom WAF policies can help protect against common attacks such as SQL injection, cross-site scripting, and cross-site request forgery.

In this lab, students will create a custom WAF policy to identify and block code injection attacks and then test the rules using a simulated code injection attempt.

Learning objectives

Upon completion of this advanced-level lab, you will be able to:

  • Create Web Application Firewall (WAF) Policies.
  • Associate WAF Policies with Application Gateway.
  • Create Custom WAF Policies.
  • Secure applications with Custom WAF Policies to prevent malicious attacks.

Intended audience

  • Candidates for Azure Security Engineer Associate (AZ-500)
  • Cloud Architects
  • Security Engineers
  • Network Engineers
  • Cloud Administrators


Familiarity with the following will be beneficial but is not required:

Environment before

Environment after

About the author

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics
Lab steps
Logging in to the Microsoft Azure Portal
Creating the Azure Web Application Firewall Policy Using the Azure Portal
Creating and Validating a Custom Rule for WAF Policy