Fortinet’s WAF rulesets are additional security signatures that can be used to enhance the protections included in the base AWS WAF product. They are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from the award-winning FortiGuard Labs.
Fortinet offers two Rulesets for AWS WAF that provide protection for Web and API applications.
The Complete OWASP Top 10 Ruleset is a comprehensive package for web application protection, offered by Fortinet to help address the OWASP Top 10 web application threats. It includes protection against various Injection attacks such as SQL and command Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE).
The API Security Rule Set defends against attacks that target API applications. Unlike traditional web application attacks, APIs require specialized rules to help defend against the OWASP Top 10 API threats. This rule group provides dedicated protection for REST-based API applications against Injection attacks, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE).