Posted on July 21, 2022
Hi. Dr. Zero Trust here. My fictional Juice Shop is under attack again, in another demonstration of how Ericom ZTEdge Web Application Isolation (WAI) protects web apps from OWASP Top 10 threats in ways that WAFs simply cannot. The Juice Shop, a purpose-built app that I created on the HyperQube test platform for demo purposes, is designed to be super vulnerable – to better demonstrate how powerful WAI protections are.
In this short demo, I’m illustrating how, using SQL injection (one type of Injection, the #3 risk in the OWASP 2021 Top 10), a threat actor can log in to the Juice Shop via a mishandled request and gain administrative access, enabling them to reach servers, systems and data. SQL injection is just one of a number of types of injection attacks.
Insufficient validation, filtering or sanitization of user-supplied data, and queries or calls that embed that data directly in the interpreter, are among the flaws that leave apps vulnerable to injection attacks.
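To make that flaw concrete, here is an added example (my own illustration, not code from the Juice Shop or from Ericom) of a login query that concatenates user-supplied data into SQL next to the same query with bound parameters. The table, accounts and values are constructed for the demo; the hypothetical `login_vulnerable` and `login_parameterized` functions are mine.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a shop's user table (not the
    real Juice Shop schema). Plaintext passwords only keep the demo short;
    a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin@example.test", "correct-horse", "admin"),
        ("customer@example.test", "hunter2", "customer"),
    ])
    return conn


def login_vulnerable(conn, email, password):
    """User input is concatenated straight into the SQL text, so the
    interpreter cannot tell data from code: a quote in the email field
    ends the string literal and the rest is executed as SQL."""
    sql = f"SELECT role FROM users WHERE email = '{email}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, email, password):
    """Same query, but the values travel as bound parameters: the driver
    hands them to the engine as data, so they can never change the query."""
    sql = "SELECT role FROM users WHERE email = ? AND password = ?"
    row = conn.execute(sql, (email, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A textbook malformed request: the email field is not an address at all.
    bad_email, bad_password = "' OR 1=1--", "anything"
    print("vulnerable    :", login_vulnerable(db, bad_email, bad_password))      # admin
    print("parameterized :", login_parameterized(db, bad_email, bad_password))   # None
```

The vulnerable form returns the first matching row, which here is the admin account; the parameterized form treats the same input as an e-mail address that simply does not exist.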
Ericom WAI, an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, provides policy-based controls to prevent unauthorized access. In this demo, we show how WAI hooks into IAM providers to ensure strong authentication using MFA to prevent this type of injection attack.
Check out the demo right here to see how it’s done: