Many readers have heard that SafeLine has strong protection capabilities, but few have seen how effective that protection actually is. In this article we put it to the test.
For the test I prepared a set of SQL injection requests. The attack payloads shown here are for learning purposes only.
About SQL Attacks
SQL injection attacks target applications that build Structured Query Language (SQL) statements for database operations. When the application fails to handle user input safely, an attacker can inject SQL into the query and make the database execute it, for example to read data it should not expose.
Steps
- To test this attack, we set up a test environment, DVWA. You can search for it if needed.
- Input `1` first and look at the output.
From the output we can infer that the backend builds the query roughly like this: `SELECT first_name, last_name FROM users WHERE user_id = '$id';`, with the user-supplied value concatenated directly into the string.
If this were a real business scenario and the business side did not do proper secure coding, a hacker could exploit this point for injection, potentially causing significant harm.
- Malicious Attack Example. For instance, to get the name of the current database, enter `1' UNION SELECT 1, database() #` as shown in the figure. The single quote closes the `'$id'` literal, `UNION SELECT` appends an attacker-chosen row (the `database()` function) to the result, and `#` comments out the trailing quote so the statement stays valid. The current database name is returned with the normal result. This proves that the injection was successful; we will not go further into subsequent injection steps.
- Using SafeLine WAF. What happens when SafeLine is placed in front of the application? Can it block the attack even though the application itself is vulnerable? First, configure the site in SafeLine and connect the test environment.
- Input Again
SafeLine blocks the request outright: the payload never reaches the backend, no database information is returned, and the injection point cannot be exploited.
- Check Logs
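To make the mechanism behind the steps above concrete, here is an added example that is not from the original article or from the SafeLine project. It reproduces the inferred backend query in SQLite instead of MySQL: the vulnerable version concatenates the input into the statement, the hardened version binds it as a parameter, and a deliberately naive signature check stands in for "a WAF decided to drop the request" (it says nothing about how SafeLine itself detects attacks). Because SQLite has no `database()` function and uses `--` rather than `#` for comments, the payload calls `sqlite_version()` and ends with `-- `; the `users` rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample rows standing in for DVWA's `users` table
# (assumption: column names match the query inferred in the article).
SAMPLE_USERS = [
    (1, "admin", "admin"),
    (2, "Gordon", "Brown"),
    (3, "Hack", "Me"),
]

# SQLite analogue of `1' UNION SELECT 1, database() #`:
# the quote closes the literal, UNION appends an attacker-chosen row,
# and the comment marker swallows the trailing quote.
PAYLOAD = "1' UNION SELECT 1, sqlite_version() -- "


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """String concatenation, like the backend inferred in the article.

    Whatever the caller passes becomes part of the SQL text, so a quote in
    the input changes the structure of the statement.
    """
    query = (
        "SELECT first_name, last_name FROM users WHERE user_id = '"
        + user_id
        + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Same query with a bound parameter.

    The input is sent to the engine as data, never parsed as SQL, so the
    payload is compared against user_id as an ordinary string and matches
    nothing.
    """
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


# Toy signature check: a hypothetical stand-in for a WAF's block decision.
# Real products use far richer analysis; this only illustrates that the
# request can be rejected before the backend ever builds a query.
_INJECTION_SIGNS = re.compile(
    r"""(?ix)
    \bunion\s+select\b       # UNION-based data extraction
    | '\s*(--|\#)           # quote followed by a comment marker
    | '\s*or\s+'?\d+'?\s*=  # classic ' OR 1=1 tautology
    """
)


def naive_waf_blocks(user_id):
    """True if the toy signature check would drop the request."""
    return bool(_INJECTION_SIGNS.search(user_id))


def demo():
    """Run the three scenarios from the article against the sample database."""
    conn = make_db()
    return {
        "benign": lookup_vulnerable(conn, "1"),
        "injected": lookup_vulnerable(conn, PAYLOAD),
        "parameterized": lookup_parameterized(conn, PAYLOAD),
        "waf_blocks_payload": naive_waf_blocks(PAYLOAD),
        "waf_blocks_benign": naive_waf_blocks("1"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the script shows the injected query returning the legitimate `admin` row plus an extra row carrying the SQLite version, while the parameterized query returns nothing for the same input and the toy check flags the payload but not the benign `1`. The ordering of the two rows in the UNION result is up to the engine, so code that inspects it should not rely on a fixed order.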
Conclusion
This example is deliberately simple and is only for reference.
It illustrates that when you cannot be sure whether a business system contains vulnerabilities or injection points, putting a WAF in front of it is a cost-effective first step: it adds a layer that inspects requests before they reach the application. It is a layer, not a replacement for fixing the code; the query above should still be rewritten to use parameterized statements, and the WAF then covers the injection points that have not been found yet. SafeLine WAF is a good option for this, as it is easy to deploy and manage.
Website:https://waf.chaitin.com/
Github:https://github.com/chaitin/SafeLine
Discord:https://discord.gg/dy3JT7dkmY