AWS Certified Security - Specialty | Protecting Against SQL Injection Attacks | Best Practices

Protecting Against SQL Injection Attacks

Question

An Enterprise organization underwent an extensive security audit for its applications.

An outcome of the audit is that the company must improve its protection against SQL Injection attacks.

Which of the following options can be implemented to overcome such issues? (Select TWO)

Answers

A. Use AWS WAF with Application Load Balancer
B. Enable AWS Shield
C. Use AWS WAF with Amazon CloudFront
D. Use AWS GuardDuty
E. Enable AWS Systems Manager

Explanations

Answer: A and C.

Option A is CORRECT because you can deploy AWS WAF with the Application Load Balancer that fronts your web servers or origin servers running on EC2.

You can selectively allow or deny access to specific parts of your web application.

You can also guard against various SQL injection attacks by creating match conditions and using the WAF rule to block requests that match the condition.

Option B is incorrect because AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS; it does not help prevent SQL injection attacks against the application.

Option C is CORRECT because AWS WAF provides a SQL injection match condition for detecting SQL injection code and integrates with Amazon CloudFront.

When you create a web ACL, you can specify one or more CloudFront distributions that you want AWS WAF to inspect, including SQL Injection.

Option D is incorrect because Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3; it does not help prevent SQL injection attacks against the application.

Option E is incorrect because AWS Systems Manager lets you view operational data from multiple AWS services and automate operational tasks across your AWS resources; it does not help prevent SQL injection attacks against the application.

References

https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html

To improve protection against SQL Injection attacks, the following options can be implemented:

A. Use AWS WAF with Application Load Balancer: This option can be used to inspect and filter traffic based on predefined rules. AWS WAF (Web Application Firewall) provides a set of pre-configured rules that can be used to block common attacks such as SQL injection. When used in combination with Application Load Balancer, AWS WAF can inspect incoming traffic before it reaches the application servers. The benefit of using this option is that it can help prevent the injection of malicious SQL queries into your application, thereby reducing the risk of data theft or corruption.

C. Use AWS WAF with Amazon CloudFront: This option is similar to the previous one, but it uses Amazon CloudFront as a content delivery network to distribute content to users. When used in combination with AWS WAF, CloudFront can help protect the application against SQL injection attacks. The benefit of this option is that it can help protect your application from attacks that originate from outside your network.

B. Enable AWS Shield: AWS Shield is a managed service that provides protection against DDoS attacks. By enabling AWS Shield, your application can be protected against DDoS attacks, which can often be used to distract security teams and facilitate SQL injection attacks.

D. Use AWS GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts for malicious activity. By using GuardDuty, you can detect and respond to SQL injection attacks in real time. GuardDuty can also be used to detect other types of threats, such as unauthorized access attempts and crypto-mining activity.

E. Enable AWS Systems Manager: AWS Systems Manager is a management service that helps you automatically collect software inventory, apply patches, and configure operating systems and applications. While this service is not directly related to protecting against SQL injection attacks, it can be used to help ensure that your application servers are properly configured and up-to-date with the latest security patches, which can help reduce the risk of SQL injection attacks.

In summary, the two options that can be implemented to overcome SQL injection attacks are:

  • Use AWS WAF with Application Load Balancer
  • Use AWS WAF with Amazon CloudFront
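As an added example that is not part of the original question or of AWS's own documentation, the CloudFormation template below builds the option A setup described above: a regional AWS WAF web ACL with a SQL injection match rule that blocks matching requests, associated with an existing Application Load Balancer. The load balancer ARN is a placeholder parameter, and the web ACL, rule and metric names are assumed; for option C the same web ACL would be created with Scope CLOUDFRONT in us-east-1 and referenced from the CloudFront distribution instead of through the association resource.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example (not from the page) - WAF SQLi rule fronting an ALB
Parameters:
  AlbArn:
    Type: String   # placeholder: ARN of your existing Application Load Balancer
Resources:
  SqliWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: sqli-protection-acl   # hypothetical name
      Scope: REGIONAL             # ALB targets are REGIONAL; CloudFront needs CLOUDFRONT in us-east-1
      DefaultAction:
        Allow: {}                 # requests that no rule blocks are forwarded to the ALB
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: sqliProtectionAcl
      Rules:
        - Name: block-sqli
          Priority: 0
          Action:
            Block: {}             # match condition -> block, as the explanation for option A describes
          Statement:
            OrStatement:          # inspect both the request body and the query string
              Statements:
                - SqliMatchStatement:
                    FieldToMatch:
                      Body: {}    # only the leading portion of large bodies is inspected
                    TextTransformations:   # decode first so encoded payloads still match
                      - Priority: 0
                        Type: URL_DECODE
                      - Priority: 1
                        Type: HTML_ENTITY_DECODE
                - SqliMatchStatement:
                    FieldToMatch:
                      QueryString: {}
                    TextTransformations:
                      - Priority: 0
                        Type: URL_DECODE
          VisibilityConfig:       # per-rule metrics so blocked requests are visible in CloudWatch
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: blockSqli
  AlbAssociation:
    Type: AWS::WAFv2::WebACLAssociation   # attaches the web ACL to the load balancer
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt SqliWebAcl.Arn
```

Before switching the rule's action to Block in production, run it with `Count` and review the sampled requests and CloudWatch metrics to confirm it is not matching legitimate traffic.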