Injecting RASP (Runtime Application Self Protection) Security into Tornado Demo Vuln App
Tornado Demo Vulnerable Application to test SQL injection vulnerability and patch it using RASP (Runtime Application Self-Protection)
Tornado Demo Vulnerable Application: Support Python 2.x & 3.x RASP: Support Python 3.x only
How RASP works with the Demo Vuln App?
1.Hooking DbApi2 Call for execute() instruction. 2.Extract the Query from the execute (query) For example Query= SELECT * from users where userid=1 3.Lexical Analysis and token generation for the Query extracted from the execute() instruction Using Lexer convert the query into token Token = ['KEYWORD', 'WHITESPACE', 'OPERATOR', 'WHITESPACE', 'KEYWORD', 'WHITESPACE', 'STRING', 'WHITESPACE', 'KEYWORD', 'WHITESPACE', 'STRING', 'OPERATOR', 'NUMBER'] 4.Run RASP in Learning mode to make it understand what is the Correct user input structure that need for application to work. 5.RASP will automatically insert the rules into separate database i.e rules.db while in Learning mode 6.Once application is reach the learning mode limitation i.e threshold limit, it will block no more rules to insert into rules database while in leaning mode. In my RASP Model, threshold limit for rules to insert into rules.db is 2 for demo purpose. so only two rules are allowed in rules database. 7.So now, we have have the rules ready to block SQL injection attack :) 8.Check the below video to see how it works... :)
- FOS Team : Fools of Security