Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform

Janibasha
F5 Employee
F5 Employee

‎07-Dec-2022 05:00 - edited ‎19-Apr-2023 03:39

Objective: 

The purpose of this article is to automate F5 Distributed Cloud Platform (F5 XC) detection and mitigation of OWASP TOP 10 Injection attacks and integrating code in GitHub. This article shows how we can use Terraform, Python and Github workflow to provide the flexibility of updating existing infrastructure after every change using CI/CD event triggers.

For more details about this feature please refer: Injection Attack Mitgation Article 

 

Introduction to Injection:

An application is vulnerable to attack when:  

  • The data provided is not validated by the application 
  • User requested schema is not being analyzed before processing 
  • Data is used within search parameters to extract additional and sensitive records 
  • If a user tries to use Cross-site Scripting to get some unauthorized data 
  • Some of the common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), Etc. 

In this automation article we are trying to bypass password validation in a demo application using SQL Injection code. 

 

Design: 

  • For the purpose of reusability, I have separated demo application and F5 XC resources deployments in 2 different flows as below. 
    1. First, we are deploying a demo application (Juice Shop) as a docker container in AWS EC2 machine (if customer already has their application running, they can skip this and use their application public IP directly in below flow) 
    2. Once the demo app is deployed, we are using application public IP to configure the    origin pool, WAF and load balancer in F5 XC 
  • Once demo application and F5 XC resources are deployed successfully, python script is generating login request consisting of malicious SQL Injection. Once traffic is generated, F5 XC platform WAF will detect and block the malicious request. 
  • Finally, we are destroying the above resources using terraform 

Above workflow is integrated using GitHub Actions file which ensures dynamic deployment of the demo app and F5 XC load balancer which can be exposed using public domain name.

Injection-Attack.jpeg

 

Repo code URL: https://github.com/f5devcentral/owasp-injection-mitigation

 

Conclusion: 

In this article we have showed how we can leverage power of CI/CD deployment to automate end to end verification of injection attacks mitigation using GitHub Actions, Terraform and Python developed in a generic way where users can bring up the complete setup within a few clicks. 

 

For further information check the links below: 

  • F5 Distributed Cloud Platform (Link) 
  • F5 Distributed Cloud WAF Overview (Link) 
  • OWASP Injection Attacks (Link) 
Labels:
Version history
Last update:
‎19-Apr-2023 03:39
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC