Azure Azure Security Center exhibits Logic Apps Security Center

Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security

julkaissut Joosua Santasalo
Comments 0

Background

I recently wrote about top-3 benefits of Azure Security Center, one of the benefits was advanced alerting which is true hidden gem. I’ve decided to gather some exhibits of such events into this short blog series. As with this exhibit its clear that Azure Security Center is well suited for securing PaaS workloads in Azure, which is the topic covered in this blog

Before proceeding, be sure to check the long list of alerts made available by Azure Security Center Standard alerts list at docsmsft.

https://docs.microsoft.com/en-us/azure/security-center/alerts-reference

Detecting SQLI

What is SQLI?

In short SQLI can be described as malicious code thats ”smugled” as part of often un-sanitized user input, via many of the available user input methods found in typical website

  • There is good description also available at docs@msft
https://docs.microsoft.com/en-us/sql/relational-databases/security/sql-injection

Whats needed?

https://docs.microsoft.com/en-us/azure/azure-sql/database/advanced-data-security

Exhibits (What happens when such event occurs)

SQL.DB_PotentialSqlInjection

I am currently testing Azure Logic Apps as possible attack vector, and how to detect such attacks with Advanced Threat Protection in Azure Security Center

  • Below is example of the very simple SQLI from un-sanitized user input that gets translated to SQL query, which I am passing from my NodeJS app.
  • Its translated into SQL query action in Azure Logic Apps

Alerting

  • In this case the culprit was me once again (surprise surprise…)
    • Teams alert arrived upon the attempt of SQLI
  • If we select Triage, we can see the whole event in Azure Security Center with causes and all
Potential causes
Defect in application code constructing faulty SQL statements; application code doesn't sanitize user input and was exploited to inject malicious SQL statements.

Vulnerable statement
SELECT * FROM users WHERE username = 'admin'--' AND password = 'password'

References

alerting

Teams integration

Till next time!

0 comments on “Azure Security Center Exhibits from the field – Detecting SQL Injection with Advanced Data Security

Vastaa

Täytä tietosi alle tai klikkaa kuvaketta kirjautuaksesi sisään:

Gravatar
WordPress.com-logo

Olet kommentoimassa WordPress.com -tilin nimissä. Log Out /  Muuta )

Facebook-kuva

Olet kommentoimassa Facebook -tilin nimissä. Log Out /  Muuta )

Peruuta

Muodostetaan yhteyttä palveluun %s

%d bloggaajaa tykkää tästä: