Technical Articles
F5 SMEs share good practice.
cancel
Showing results for 
Search instead for 
Did you mean: 
Janibasha
F5 Employee
F5 Employee

This article is in continuation of the owasp web application security series and is intended to give insights into injection attack category. Check here for overview article.

Introduction to Injection vulnerability: 

An application is vulnerable to attack when: 

  • Provided data is not validated by the application.
  • User requested schema is not being analyzed before processing.
  • Data is used within search parameters to extract additional and sensitive records. 
  • SQL commands are used in dynamic queries and commands. 
  • If user tries to use Cross-site Scripting to get some unauthorized data. 

Some of the common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), Etc. 

 

Step by step process:  

Version: Cloud Console at the time of article: crt-20220510-1579 

Step1:  

Login to distributed cloud console and navigate to Load balancers menu, then expand “Security” section and then click on “App Firewall” 

injection1.jpg

Step2:  

Click “Add App Firewall” button and provide some name. Keep default options and save new firewall. 

injection2.jpg

Step3:  

Navigate to Manage section and select “HTTP Load Balancers” in load balancers drop-down option.  

injection3.jpg

Step4:  

Select 3 dots available in Action column besides your application load balancer and select “Manage Configuration”. 

injection4.jpg

Step5:  

In top right corner click on “Edit Configuration” button and navigate to “Security Configuration” section available on left menu. 

Step6:  

Disable service policies, Bot-Defense and Rate-Limiting features. In WAF config section enable App Firewall and select your firewall created in Step2. “Save and Exit” the load balancer dialog. 

injection5.jpg

Step7:  

Copy the load balancer domain, open a browser and open the copied domain. Validate you can access your application. 

injection6.jpg

Step8:  

Next in browser URL, click on Sign-in button, add SQL injection attack script “or '1'='1” in email field, some random password and click on “Confirm” button. Validate your application is still accessible and request is not blocked with message of invalid email address. 

injection12.jpg

Step9:  

In cloud console page navigate to “Virtual Hosts” section and then select HTTP Load Balancers. Select “Security Monitoring” link for your application load balancer. 

In Dashboard validate new security events are generated with your IP and location. Navigate to the Security Events section and check the latest log request details.  

sql1.jpg

Solution:  

  1. To mitigate these injection attacks, navigate to Firewall section and in “App Firewall” configuration change “Enforcement Mode” to Blocking, keep default options in other fields and save firewall.  
    injection11.jpg  
  2. Next in browser try to pass above same SQL injection attack in username field of Sign-in page, validate your request is blocked and support-id is displayed in response as below: 
     
    broken.JPG
  3. In Distributed Cloud Console navigate to security events section, expand the latest requests, filter logs with your request-ID and validate you can see the request log as below: 

    injection13.jpg

     

Conclusion:  

As shown above, OWASP Top 10: Injection attacks can be mitigated by configuring WAF firewall in Blocking mode thereby preventing data breaches and even application downtime.  

Stay tuned for more exciting details on how F5 Distributed Cloud can protect your web applications against other OWASP top ten vulnerabilities.

 

For further information click the links below: 

  1. OWASP Top 10 - 2021 
  2. Configuring load balancer in cloud console 
  3. Security features in cloud console 
  4. Steps to delegate domain in cloud console 
Version history
Last update:
‎19-Apr-2023 03:49
Updated by:
Contributors