
Addressing the OWASP Top 10 Application Security Risks with Web Application Isolation: #3 Injection

Posted on July 21, 2022

Hi. Dr. Zero Trust here. My fictional Juice Shop is under attack again, in another demonstration of how Ericom ZTEdge Web Application Isolation (WAI) protects web apps from OWASP Top 10 threats in ways that WAFs simply cannot. The Juice Shop, a purpose-built app that I created on the HyperQube test platform for demo purposes, is designed to be super vulnerable – to better demonstrate how powerful WAI protections are.

In this short demo, I’m illustrating how, using SQL injection (one type of Injection, the #3 risk in the OWASP 2021 Top 10), a threat actor can log in to the Juice Shop via a mishandled request and gain administrative access, enabling them to reach servers, systems and data. SQL injection is just one of a number of types of injection attacks.

Insufficient validation, filtering or sanitization of user-supplied data, together with queries or calls that pass that data directly to the interpreter, are among the flaws that leave apps vulnerable to injection attacks.
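As an added illustration (my own example, not code from the Juice Shop or from Ericom), here is the shape of the mishandled login request described above, run against a constructed in-memory user table: the concatenated query lets the email field rewrite the WHERE clause, while the parameterized version treats the very same input as a plain value.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the Juice Shop user table.
    Passwords are stored in plaintext only to keep the injection point
    visible; a real app verifies a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT, role TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin@example.test', 'correct horse', 'admin')"
    )
    conn.execute(
        "INSERT INTO users VALUES ('jim@example.test', 'ncc-1701', 'customer')"
    )
    return conn


def login_vulnerable(conn, email, password):
    """User input is spliced straight into the SQL text, so the interpreter
    cannot tell data from query: a crafted email field changes the WHERE
    clause and the first row (here the admin) is returned as 'logged in'."""
    sql = (
        "SELECT email, role FROM users WHERE email = '" + email
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()  # (email, role) or None


def login_parameterized(conn, email, password):
    """Same query with bound parameters: the database receives the input as
    a value, never as SQL, so the tautology simply fails to match a row."""
    sql = "SELECT email, role FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


# Constructed "mishandled request": a tautology in the email field plus an
# SQL line comment that discards the password check in the concatenated query.
CRAFTED_EMAIL = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_vulnerable(db, CRAFTED_EMAIL, "anything"))
    print("parameterized:", login_parameterized(db, CRAFTED_EMAIL, "anything"))
```

The parameterized query is the code-level fix; the demo below shows the complementary control of gating the login route behind WAI's IAM/MFA policy so the request never reaches a vulnerable handler unauthenticated.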

Ericom WAI, an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, provides policy-based controls to prevent unauthorized access. In this demo, we show how WAI hooks into IAM providers to ensure strong authentication using MFA to prevent this type of injection attack.

Check out the demo right here to see how it’s done:



About Dr. Chase Cunningham

Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for Ericom’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.
