January 11, 2021
It’s often said that, “Defenders think in lists, adversaries in graphs.” Our adversaries are humans supported by bots and automation. As an enterprise defender, you are in a game with an adversary, so you need to start thinking and acting strategically with a long game in mind and a playbook to counter adversaries’ own plays. Trust me, your adversaries are doing this as we speak.
They have a mission, objective, a game plan and a set of trusted plays they run against enterprise networks. If you are building lists and checking boxes, you aren’t in the game – you are on the bench while the action is on the field of play … which happens to be your network, cloud assets, plants, partners, and supply chain. For instance, the attack surface is getting larger for the attackers to exploit and there are too many doors, windows and entry points. It is not a question of IF but WHEN and some of the latest include –
What is your playbook?
Many security products are point solutions, meaning they solve one problem, sometimes well, sometimes not. Unfortunately, point solutions are often easy for adversaries to bypass. The challenge enterprises face is there are so many products to address so many threats at different points in enterprise architecture, each with its own requirements for management, and poor native integration capabilities. One of many such vulnerabilities is “Injection.” SQL injection (SQLi) is a technique used to inject malicious code into existing SQL statements.
A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do. Perhaps the most common example around this security vulnerability is the SQL query consuming untrusted data. The core of a code injection vulnerability is the lack of validation and sanitization of the data used by the web application, which means that this vulnerability can be present on almost any type of technology.
Anything that accepts parameters as input can potentially be vulnerable to a code injection attack. SQL injection attacks can affect any application that uses a SQL database and handles data, including websites, desktops, and phone apps—with extremely serious consequences. These injections make it possible for malicious users to bypass existing security controls and gain unauthorized access to obtain, modify, and extract data, including customer records, intellectual property, or personal information. Attackers can also use this technique to locate the credentials of administrators and gain complete control over affected websites, applications, and database servers.
When managing a website, it’s important to stay on top of the most critical security risks and vulnerabilities. Preventing code injection vulnerabilities really depends on the technology you are using on your website. For example, if you use WordPress, you could minimize code injection vulnerabilities by keeping it to a minimum of plugin and themes installed. If you have a tailored web application and a dedicated team of developers, you need to make sure to have security requirements your developers can follow when designing and writing software. This will allow them to keep thinking about security during the lifecycle of the project.
We are as strong as our weakest link. Here are few actions we can take to prevent and detect injections: