07-Dec-2022 05:00 - edited 19-Apr-2023 03:39
Objective:
The purpose of this article is to automate F5 Distributed Cloud Platform (F5 XC) detection and mitigation of OWASP Top 10 Injection attacks and to integrate the code in GitHub. This article shows how we can use Terraform, Python and a GitHub workflow to provide the flexibility of updating existing infrastructure after every change using CI/CD event triggers.
For more details about this feature, please refer to: Injection Attack Mitigation Article
Introduction to Injection:
An application is vulnerable to attack when:
In this automation article we are trying to bypass password validation in a demo application using SQL Injection code.
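The password-validation bypass described above, as an added example that is not part of the original article or the F5 repository: a login check built by string concatenation beside its parameterized form, run against an in-memory SQLite table. The table, the account, the function names and the sample input are constructed for illustration and are not taken from the demo application.

```python
import sqlite3

# Constructed sample input: the quote characters end the string literal early
# and append a condition that is always true.
TAUTOLOGY = "' OR '1'='1"

def make_db():
    """In-memory table with one constructed account (not the demo app's data)."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to keep the demo short; store a salted hash in practice.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    # Vulnerable: input is concatenated into the SQL text, so quotes in the
    # input change the structure of the WHERE clause.
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened: placeholders bind input as data; it is never parsed as SQL.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

def compare(username, password):
    """Return (vulnerable_result, parameterized_result) for one login attempt."""
    db = make_db()
    try:
        return (login_vulnerable(db, username, password),
                login_parameterized(db, username, password))
    finally:
        db.close()

if __name__ == "__main__":
    for pw in ("correct-horse", "wrong", TAUTOLOGY):
        print(repr(pw), compare("alice", pw))
```

A WAF in front of the application blocks such requests before they reach the query; the parameterized form removes the flaw in the application itself.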
Design:
The above workflow is integrated using a GitHub Actions file, which ensures dynamic deployment of the demo app and the F5 XC load balancer, which can be exposed using a public domain name.
Repo code URL: https://github.com/f5devcentral/owasp-injection-mitigation
Conclusion:
In this article we have shown how we can leverage the power of CI/CD deployment to automate end-to-end verification of injection attack mitigation using GitHub Actions, Terraform and Python, developed in a generic way so that users can bring up the complete setup within a few clicks.
For further information check the links below: