WAF Firewall: AWS fixes a patch that left the WAF open to SQL Injection
November 06, 2021

According to the latest reports from security and cybersecurity researchers around the world, different organizations have simultaneously announced the discovery of a serious security vulnerability that appeared shortly after a security patch for the Amazon Web Service (AWS) WAF Firewall system. This vulnerability exposes tens of millions of corporate customers to the risk of network attacks using SQL Injection methods.

The patch that damaged the AWS WAF Firewall system

In 2013, author Roberto Salgado gave a presentation at Blackhat, titled "SQL Decryption and Optimization Techniques", that covered many methods and techniques for bypassing server security systems that defend against SQL Injection attacks, with a particular focus on methods affecting MySQL and MariaDB.

As soon as the presentation was completed, security and system services organizations around the world immediately developed measures to prevent intrusions using these methods, but no one could have predicted consequences far greater than imagined.

AWS security patch for its WAF Firewall system puts tens of millions of businesses at risk of attack

This attack method is the best gift for hackers, because it lets input be accepted as valid SQL syntax even though it is not valid at all. This fatally confuses the security measures on the system, which are then easily bypassed without raising any alarm for the enterprise's information security team.

Vulnerability appeared shortly after the patch update for AWS WAF

In its post on August 16, 2021, Gosecure, a white hat hacker organization, confirmed a serious security vulnerability that appeared shortly after the security patch was applied to the AWS WAF Firewall system. Using the same intrusion technique, the organization tested further and discovered that ModSecurity's WAF Firewall, a popular web application firewall system for the Apache and Nginx platforms, had the same problem.

Amazon Web Service (AWS), with its CDN content delivery network service CloudFront, has a built-in WAF Firewall based on traditional technology, with predefined security rules that help protect its business customers against attack threats.

But after the system update patch, the rules built by AWS for SQL databases were easily bypassed with the SQL Injection attack method, exposing all data of enterprise customers of the CloudFront service to the risk of theft and compromise.

Older technology WAF Firewall systems cannot stop increasingly sophisticated security threats

Attackers often use bypass methods to get past traditional WAF firewalls and avoid detection when they intrude into the systems of businesses that rely on WAF firewalls to protect their websites and applications. The legacy WAF firewall works by comparing API and application traffic on a per-transaction basis.

Without the right set of rules, malicious queries can easily be allowed through to the origin server. This is an ineffective way for a WAF firewall to operate, because all of its activity stops at searching for and blocking queries that are "supposedly harmful" to the system.

Consequences of using the WAF Firewall system that does not meet security standards

For organizations that build or integrate custom applications and APIs (Application Programming Interfaces) on their systems, the legacy WAF Firewall system provides very low protection. In many cases, the WAF Firewall system even reports a large number of false positives, wasting the resources and effort of the information security team on sorting, identifying, and processing the security errors reported by the system. This happens very often in older-technology WAF Firewall systems.

The problem is even worse when organizations accept the shortcomings of the old technology and simply put the WAF firewall in passive mode. That is, the WAF Firewall only reports vulnerabilities and security breaches on the system, but does not actively block these queries even though they are identified as bad and malicious.
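A check for the passive-mode problem described above, as an added example that is not from the original article or from AWS: it scans an AWS WAFv2 web ACL and lists every rule that only counts matches instead of blocking them. It assumes the JSON shape of the `WebACL` object returned by `aws wafv2 get-web-acl`; the sample ACL, its rule names and the placeholder ARN are constructed.

```python
# Added example: find AWS WAFv2 rules that only count (passive mode) instead of blocking.
# Input shape assumed: the "WebACL" object printed by `aws wafv2 get-web-acl`.

def action_name(obj):
    """WAFv2 encodes an action as a one-key object, e.g. {"Count": {}} -> "Count"."""
    return next(iter(obj), None) if obj else None


def find_passive_rules(web_acl):
    """Return (rule name, reason) for every rule that matches traffic without blocking it."""
    findings = []
    for rule in web_acl.get("Rules", []):
        name = rule.get("Name", "<unnamed>")
        # A custom rule whose own action is Count only logs the match.
        if action_name(rule.get("Action")) == "Count":
            findings.append((name, "rule action is Count"))
        # A managed rule group with OverrideAction Count has every sub-rule downgraded.
        if action_name(rule.get("OverrideAction")) == "Count":
            findings.append((name, "whole rule group overridden to Count"))
        # Individual sub-rules of a managed group can be downgraded one by one.
        group = rule.get("Statement", {}).get("ManagedRuleGroupStatement", {})
        for override in group.get("RuleActionOverrides", []):
            if action_name(override.get("ActionToUse")) == "Count":
                findings.append((name, f"sub-rule {override.get('Name')} overridden to Count"))
    return findings


# Constructed sample web ACL (rule names invented for illustration).
SAMPLE_ACL = {
    "Name": "example-acl",
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {"Name": "sqli-managed", "Priority": 0,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet"}},
         "OverrideAction": {"Count": {}}},
        {"Name": "common-managed", "Priority": 1,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
             "RuleActionOverrides": [
                 {"Name": "SizeRestrictions_BODY", "ActionToUse": {"Count": {}}}]}},
         "OverrideAction": {"None": {}}},
        {"Name": "block-listed-ips", "Priority": 2,
         "Statement": {"IPSetReferenceStatement": {"ARN": "arn:placeholder"}},
         "Action": {"Block": {}}},
    ],
}

if __name__ == "__main__":
    for rule_name, reason in find_passive_rules(SAMPLE_ACL):
        print(f"PASSIVE: {rule_name}: {reason}")
```

Any rule this reports is matching traffic without stopping it, so its matches need to be reviewed in the WAF logs before the rule is trusted as a control.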

Exploiting security holes through SQL Injection is one of the attack methods most used by hackers. It is very effective for the attackers' ultimate goal of stealing the contents of the database on the system.

Immediately after the disastrous security patch from AWS, the WAF Firewall system was completely unable to prevent breaches of the system by means of SQL Injection. AWS's security firewall was left to 'just stay there', and this has the same serious consequences as not using a WAF firewall on an enterprise's servers at all.

What should businesses using the AWS WAF Firewall service do to minimize damage?

It's almost impossible for businesses using AWS's CDN service to do more than check the access logs on the server system and build additional security measures for the website and application systems in use against existing threats in cyberspace.

The consequences of bypassing the protections provided by Amazon's WAF firewalls are enormous. The WAF firewall can hide code errors and vulnerabilities in applications and software on the system by blocking malicious queries before they reach the websites and applications that the WAF is guarding. When the WAF Firewall system is bypassed by hackers, many newly discovered errors on enterprise web application systems are exposed.

Enterprises need to strengthen testing and scanning for security holes on their systems and regularly perform internal penetration tests (Internal Pen Testing) to detect risks before hacker groups find them.

No piece of code on a system is secure, and no application is completely free of security holes. Therefore, businesses need to build a security solution with many layers of protection for the system, in order to monitor, detect and prevent abnormal traffic, vulnerabilities on the site, viruses, and security breaches on the system as soon as possible.

About Cloud WAF solution at VNETWORK

With the strong development of the Internet platform, the tremendous explosion in the number of users has made businesses realize there is a "new continent" for their business activities and brand development. Along with it has come the birth of more and more types and methods of cyberattack that steal data and extort money on a large scale, are difficult to detect, and cause serious consequences when the intrusion succeeds. Businesses that still use old-technology security methods will find it difficult to protect the integrity of their systems and the most important data stored on them.

VNETWORK understands the difficulties businesses face when dealing with security challenges while operating in the digital space. Our team of programmers, with many years of experience both at home and abroad, has worked together to build, develop, continuously update and improve technology in order to provide an effective and comprehensive security solution that protects enterprise systems.

Cloud WAF - VNETWORK's web application firewall is built on artificial intelligence (AI) technology to automatically analyze all query requests to the system before blocking them or allowing them to reach the origin server. Combined with our global Multi CDN content delivery network, it provides the largest anti-DDoS (denial of service) attack solution, ensuring normal operation of the website system even during an attack.

Our WAF VNIS firewall has comprehensive security capabilities for enterprise systems. It can automatically detect and prevent all breaches and security vulnerabilities on the OWASP TOP 10 ranking of the most serious security vulnerabilities in 2021: Broken Access Control, Cryptographic Failures, SQL Injection,...

The system automatically monitors security, analyzes, and reports detailed status when a security breach occurs, thanks to the SIEM network security monitoring dashboard, which can collect and analyze everything taking place in the system, thereby ensuring the highest quality of the enterprise website system on its development journey on the digital platform.

In addition, as the security needs of enterprises increase, VNETWORK has continuously developed and launched transmission and system security solutions with the latest technologies to best serve our partners operating on digital platforms:

VNCDN - Solution for content transmission and website acceleration by CDN (Content Delivery Network) technology with the ability to receive nearly 3 million simultaneous user visits to the system.

VNIS - A comprehensive security solution for corporate website systems, controlling and preventing security holes and malicious data collectors. With a global CDN system of up to 2600Tbps and the ability to integrate global CDN providers into a giant Multi-CDN system, it both helps to optimize the transmission performance of the website system and helps defend against traffic attacks (DDoS, DoS) effectively.
