Zero Trust Network Access (ZTNA)

Addressing the OWASP Top 10 Application Security Risks: #3 Injection

The fictional Dr. Zero Trust Juice Shop is under attack again, in another demonstration of how Ericom Web Application Isolation (WAI) protects web apps from OWASP Top 10 threats in ways that WAFs simply cannot. The Juice Shop, a purpose-built app created on the HyperQube test platform for demo purposes, is designed to be super vulnerable – the better to demonstrate how powerful WAI protections are.

In this short demo, we illustrate how, using SQL injection (one type of Injection, the #3 risk in the OWASP 2021 Top 10), a threat actor can log in to the Juice Shop via a mishandled request and get administrative access, enabling them to reach servers, systems and data. SQL Injection is just one of a number of types of injection attacks.

Insufficient validation, filtering or sanitization of user-supplied data, together with queries or calls that pass that data directly to the interpreter, are among the flaws that leave apps vulnerable to injection attacks.
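To make that flaw concrete, here is an added example (not code from Ericom, Juice Shop or this post) of the login query behind the kind of bypass the demo shows. It assumes a constructed in-memory SQLite table with two made-up accounts; passwords are stored in plain text only to keep the demo short. The vulnerable function builds the query by string concatenation, so user input becomes part of the SQL grammar; the hardened function binds the same input as parameters, so the database treats it purely as data.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo data: two accounts in an in-memory SQLite table
    (a stand-in for the Juice Shop schema, not its real one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password, role) VALUES (?, ?, ?)",
        [
            ("admin@example.test", "hunter2", "admin"),
            ("customer@example.test", "apples", "customer"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """The injection flaw: untrusted input is spliced into the SQL text,
    so quotes and comment markers in the input change the query's meaning."""
    sql = (
        "SELECT email, role FROM users "
        f"WHERE email = '{email}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()  # (email, role) or None


def login_parameterized(conn: sqlite3.Connection, email: str, password: str):
    """The fix: the query text is fixed and the input is bound as parameters,
    so the same payload is compared as a literal string and matches nothing."""
    sql = "SELECT email, role FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


if __name__ == "__main__":
    db = make_demo_db()
    # A valid login works in both implementations.
    print(login_vulnerable(db, "customer@example.test", "apples"))
    print(login_parameterized(db, "customer@example.test", "apples"))
    # A constructed payload that comments out the password check in the
    # concatenated version, but is just an unmatched email in the bound one.
    payload = "admin@example.test'--"
    print(login_vulnerable(db, payload, "wrong"))      # admin row: bypassed
    print(login_parameterized(db, payload, "wrong"))   # None: rejected
```

The parameterized version is the application-layer fix the OWASP entry calls for; the point of the demo above is that a control in front of the app can still stop the resulting unauthorized login when the app itself gets this wrong.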

Ericom WAI, an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, provides policy-based controls to prevent unauthorized access. In this demo, we show how WAI hooks into IAM providers to ensure strong authentication using MFA to prevent this type of injection attack.

Check out the demo right here to see how it’s done:

Chase Cunningham

Chief Strategy Officer | Ericom Software
Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for Ericom’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.