How should the company resolve this issue?
Use AWS WAF in front of the ALB. Associate the appropriate web ACLs with AWS WAF.
Create an ALB listener rule to reply to SQL injections with a fixed response.
Subscribe to AWS Shield Advanced to block all SQL injection attempts automatically.
Set up Amazon Inspector to block all SQL injection attempts automatically.
Explanations:
Using AWS WAF (Web Application Firewall) allows the company to create rules that specifically filter and monitor HTTP requests. By associating appropriate web ACLs (Access Control Lists) with AWS WAF, the company can effectively mitigate SQL injection attacks by blocking malicious requests before they reach the ALB. This approach directly addresses the SQL injection vulnerability reported by the cybersecurity team.
Creating an ALB listener rule to reply to SQL injections with a fixed response does not prevent the SQL injection attacks from occurring. Instead, it merely responds to the requests without addressing the underlying vulnerability, allowing potential exploitation of the application. This option does not enhance security effectively.
AWS Shield Advanced provides DDoS protection but does not specifically target SQL injection vulnerabilities. While it can help mitigate some attacks, it does not offer the granular web application firewall features necessary to specifically filter and block SQL injection attempts, making this option unsuitable for resolving the reported issue.
Amazon Inspector is a security assessment service that helps identify vulnerabilities in applications but does not actively block SQL injection attempts. It is designed for assessment rather than real-time protection against specific attacks, thus failing to resolve the immediate vulnerability reported by the cybersecurity team.
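The first option in practice, as an added example that is not part of the original question or AWS's own documentation: a CloudFormation template that creates a regional WAFv2 web ACL using the AWS managed SQL injection rule group and associates it with an existing ALB. The AlbArn parameter and the resource and metric names are assumptions made for this example.

```yaml
# Added example (not from the original question): regional WAFv2 web ACL with the
# AWS managed SQLi rule group, associated with an existing ALB whose ARN is supplied
# as a parameter. Resource names and the parameter name are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: WAFv2 web ACL using AWSManagedRulesSQLiRuleSet, attached to an ALB
Parameters:
  AlbArn:
    Type: String
    Description: ARN of the existing Application Load Balancer (placeholder, supply your own)
Resources:
  SqliWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: alb-sqli-protection
      Scope: REGIONAL            # ALBs are regional; CLOUDFRONT scope is only for distributions
      DefaultAction:
        Allow: {}                # requests not matched by a blocking rule are passed to the ALB targets
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: alb-sqli-protection
      Rules:
        - Name: AWS-AWSManagedRulesSQLiRuleSet
          Priority: 0
          OverrideAction:
            None: {}             # keep the rule group's own Block actions; use Count: {} to observe first
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesSQLiRuleSet
  SqliWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn   # the web ACL is attached to the ALB itself, not placed in the network path
      WebACLArn: !GetAtt SqliWebAcl.Arn
```

Deploying the rule group with OverrideAction set to Count first and reviewing the sampled requests and CloudWatch metrics lets the team confirm that legitimate traffic is not matched before switching to blocking.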