
AWS WAF Alternate – Modshield SB WAF (Web Application Firewall)

December 7 2021

Amazon Web Services (AWS) offers a product called CloudFront, which, when combined with AWS WAF, helps businesses protect their web applications from intrusion. However, during an engagement, it was discovered that a SQL injection payload could bypass its “SQL Database” protection.


Why is Modshield SB a great AWS WAF alternate?

When Modshield SB (our very own Web Application Firewall) encounters the same payload, it detects the attack, blocks the request, and returns a 403 error message.

Payload:

Normal SQL Injection Payload:

Setting the 'id' value to ' or 1 =1 -- - => returns the same content on the vulnerable page

Without firewall:

GET /vulnerabilities/sqli/?id=%27%20or%20%27%27%20=%20%27%20--%20-&Submit=Submit HTTP/1.1

Without the protection of the firewall, the SQL payload executes successfully and renders the page as it is.

With MODSHIELD SB:

Scientific Notation Payload:

' or 1.e('')=' -- - => processed successfully and returns the contents of the page as it is

Without firewall:

GET /vulnerabilities/sqli/?id=%27%20or%201.e(%27%27)%3D%27%20--%20-&Submit=Submit HTTP/1.1
Without the protection of the firewall, the SQL payload executes successfully and renders the page as it is.

With firewall:

Modshield SB defends against the payload whereas AWS WAF fails to do so.

The examples above show that Modshield SB defends against the payload whereas AWS WAF fails to do so.
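For triaging access logs for the two requests shown above, the following added example (not code from the original post, Modshield SB, or AWS WAF) decodes the id parameter and reports why a value is suspicious, including the number-followed-by-bare-"e" shape of the scientific notation payload. It assumes the application expects a plain integer id; all function and pattern names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the two request lines from the post (comment dashes
# written as ASCII "--") plus one benign request for comparison.
SAMPLE_REQUESTS = [
    "GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1",
    "GET /vulnerabilities/sqli/?id=%27%20or%20%27%27%20=%20%27%20--%20-&Submit=Submit HTTP/1.1",
    "GET /vulnerabilities/sqli/?id=%27%20or%201.e(%27%27)%3D%27%20--%20-&Submit=Submit HTTP/1.1",
]

# A digit run followed by "e" with no exponent digits after it, e.g. "1.e(".
DANGLING_EXPONENT = re.compile(r"\b\d+\.?\d*e(?![+-]?\d)", re.IGNORECASE)
# A quote that closes the string literal, followed by a boolean operator.
QUOTE_BOOLEAN = re.compile(r"['\"]\s*(?:or|and)\b", re.IGNORECASE)
# "--" followed by whitespace or end of input (SQL line comment).
SQL_COMMENT = re.compile(r"--(?:\s|$)")
# Allow-list (assumption): the application expects a plain integer id.
ID_ALLOWED = re.compile(r"\d{1,10}")

def decoded_param(request_line, name="id"):
    """Return the URL-decoded value of one query parameter, or None."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    values = parse_qs(urlsplit(parts[1]).query, keep_blank_values=True).get(name)
    return values[0] if values else None

def findings(value):
    """Return the reasons a decoded id value is suspicious (empty if clean)."""
    if value is None or ID_ALLOWED.fullmatch(value):
        return []
    reasons = ["not_integer"]
    if QUOTE_BOOLEAN.search(value):
        reasons.append("quote_boolean")
    if DANGLING_EXPONENT.search(value):
        reasons.append("dangling_exponent")
    if SQL_COMMENT.search(value):
        reasons.append("sql_comment")
    return reasons

def triage(request_lines):
    """Pair each request line with the findings for its id parameter."""
    return [(line, findings(decoded_param(line))) for line in request_lines]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_REQUESTS):
        print(reasons or "clean", "<-", line)
```

The allow-list check alone rejects both payloads regardless of how the expression is obfuscated; the pattern findings only help an analyst sort log hits.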

Modshield SB WAF also defends against a wide range of web-based intrusions and attacks that target web applications, including those hosted in the cloud. Modshield SB scans both inbound and outbound traffic, thereby protecting the user from attacks and preventing data loss (DLP). In addition, Modshield SB protects against cross-site scripting (XSS), server-side request forgery (SSRF), sensitive data exposure, and other malicious attacks by hackers that compromise the privacy and integrity of sensitive data.
