Ranked No. 1 among web application vulnerabilities (from OWASP Top 10 2013)
ParnaWall is a cloud-ready database firewall that detects and defends against SQL injection, the most common cause of information leakage among web application attacks.
It is a revolutionary solution against attacks that could not be prevented by conventional WAF (Web Application Firewall). In addition, its installation can be done easily.
Features of ParnaWall
It monitors the communication of SQL statements between the database and the application. (The internal verification detects and defends almost all attacks.)
With its own whitelist creation technology, it is possible to easily create and introduce a highly accurate whitelist.
It can be implemented at about one-third of the price of a conventional WAF (Web Application Firewall).
ParnaWall was developed as a database firewall that detects and defends against SQL injection, which was difficult to prevent with a conventional WAF.
The illustrations show the modules that make up ParnaWall.
ParnaWall uses its proprietary engine (PW IE: ParnaWall Intelligent Engine) to automatically generate configuration information and to detect and prevent SQL injection attacks.
A database is an aggregation of personal and confidential information, such as My Number data and in-house documents, and its importance increases as time passes.
Meanwhile, taking measures against cyber attacks, which grow more advanced and sophisticated as Internet technology develops, is an urgent task.
It is important to be prepared to protect the database against any attack made via web applications, both "external attacks" (SQL injection, command injection, etc.) and "internal attacks" (unauthorized operations by privileged users).
Scale of information leakage damage and its causes
SQL injection is the most widely known web application vulnerability, and it causes information leakage. Attacks have been rising since the latter half of 2013.
| Year | Industry | Number of records leaked | Cause |
|---|---|---|---|
| Year 2015 | Production and sales of pastry | Member about 210,000 cases | SQL injection attack from the outside |
| Year 2014 | Distance Education | Member about 2,900 million cases | Taking out of data illegally by outside temporary staff |
| Year 2014 | Airline | Member about 750,000 cases | Taking out of data illegally by outside temporary staff |
| Year 2013 | Rental of communication equipment | About 11 million cases (credit information) | SQL Injection attack from the outside |
| Year 2013 | Fashion communication site | About 20,000 cases (credit information) | SQL Injection attack from the outside |
| Year 2011 | Game | About 8,000 cases (personal information), about 10 million (credit information) | SQL Injection attack from the outside |
About attack situation of SQL Injection
SQL injection is the most widely known web application vulnerability, and it causes information leakage. (Source: OWASP)
| OWASP Top 10 2013 | Category |
|---|---|
| A1 | Injection |
| A2 | Broken Authentication and Session Management |
| A3 | Cross-Site Scripting (XSS) |
| A4 | Insecure Direct Object References |
| A5 | Security Misconfiguration |
| A6 | Sensitive Data Exposure |
| A7 | Missing Function Level Access Control |
| A8 | Cross-Site Request Forgery (CSRF) |
| A9 | Using Components with Known Vulnerabilities |
| A10 | Unvalidated Redirects and Forwards |
Current status of database security measures
Comparison between the traffic-type WAF (Web Application Firewall) and the cloud type.
* ParnaWall is a cloud-ready type.
| Traffic-type WAF | Cloud type |
|---|---|
| Complex configuration changes to servers and networks are necessary. | Little work is needed on the customer side, and implementation is possible immediately. |
| Requires an initial cost of hundred and several hundred thousand yen to several million yen and a support cost of hundred thousand yen or more per year. | In the case of ParnaWall, it can be implemented at about one-third of the price of a conventional WAF (Web Application Firewall). |
| To ensure stable operation, highly specialized engineers must be secured. | You do not need to hire a professional technician. |
ParnaWall generates filtering rules through its own SQL statement analysis process and automatically generates a whitelist.
With a conventional WAF, it is difficult to cover every string that should be detected in SQL syntax without omission, whereas ParnaWall detects and controls SQL statements that may be attacks even when they match the whitelist rules.
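One way to picture a structural SQL whitelist with a monitor mode and a firewall mode, as an added example that is not ParnaWall's engine or code from this page: statements seen in a learning phase are reduced to a fingerprint with literals replaced by `?`, and later statements with an unknown fingerprint are flagged. The function names, table names and sample statements are constructed for illustration.

```python
import re

# Literals first, so that keywords hidden inside a quoted value are never seen as structure.
TOKEN = re.compile(
    r"(?P<lit>'(?:[^']|'')*'|\d+(?:\.\d+)?)"   # 'text' ('' = escaped quote) or number
    r"|(?P<word>[A-Za-z_][\w$.]*)"             # keyword or identifier
    r"|(?P<sym>--|/\*|<>|<=|>=|!=|\S)"         # operator, comment marker, stray quote
)

def fingerprint(sql):
    """Reduce a statement to its structure: literals become '?', words are upper-cased."""
    parts = []
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "lit":
            parts.append("?")
        elif m.lastgroup == "word":
            parts.append(m.group().upper())
        else:
            parts.append(m.group())
    return " ".join(parts)

def learn(statements):
    """Learning phase: the whitelist is the set of structures the application really sends."""
    return {fingerprint(s) for s in statements}

def check(sql, whitelist, mode="firewall"):
    """Return 'allow' for a known structure, else 'block' (firewall) or 'alert' (monitor)."""
    if fingerprint(sql) in whitelist:
        return "allow"
    return "block" if mode == "firewall" else "alert"

# Constructed sample traffic; table and column names are hypothetical.
LEARNED = [
    "SELECT id, name FROM members WHERE email = 'a@example.com'",
    "UPDATE members SET name = 'Sato' WHERE id = 42",
]
OBSERVED = [
    "select id, name from members where email = 'o''brien@example.com'",  # new value only
    "SELECT id, name FROM members WHERE email = '' OR '1'='1'",           # extra predicate
    "SELECT id, name FROM members WHERE email = 'a@example.com",          # unbalanced quote
]

if __name__ == "__main__":
    whitelist = learn(LEARNED)
    for sql in OBSERVED:
        print(check(sql, whitelist), "|", fingerprint(sql))
```

A whitelist of this kind sees only statement structure, so a statement that keeps a learned structure still matches it; that is the case the paragraph above says needs inspection beyond the whitelist rules.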
ParnaWall provides a solution to optimize the environment for protecting data in real time and reduce the risk of information leakage by integrating the functions provided.
Module that centrally manages the ParnaWall engine and the ParnaWall server
*For service providers and enterprise companies
Module that handles tasks such as setting up the ParnaWall engine and collecting logs
Module that monitors and controls SQL injection attacks

| Item | Details |
|---|---|
| Overview | Database firewall. Its own engine (PW IE: ParnaWall Intelligent Engine) automatically generates configuration information and detects and defends against SQL injection attacks. |
| Function | ACL firewall |
| | No encryption |
| | No segregation of duties |
| | Audit: uses the DBMS's standard built-in function |
| | Supported DB: Oracle, MS SQL, MySQL, PostgreSQL |
| | Alert Email: SNMP TRAP, SYSLOG |
| | Cloud environment: supports various cloud environments such as AWS and MS Azure |
| | Inspection mode: monitor mode / firewall mode |
| Installation configuration | Bridge mode / router mode / proxy mode |

Address: 〒103-0013 Nihonbashi Ningyocho 3-3-9 Kume building 5F, Chuo Ward, Tokyo
Telephone: 03-6206-2066(TEL/FAX common)
MAIL: info@belue-c.jp
Joint research and development institution: University of Nagasaki Information Security Department Matsuda Laboratory