Heroku Database Firewall

DataSunrise has developed a database firewall for the Heroku cloud platform. The solution provides comprehensive database security in the cloud, protecting from exploiting SQL injection vulnerabilities, unauthorized access and blocking any transactions that are not in the whitelist for the particular environment. Database firewall is a robust tool to control access privilege and maintain reliable Heroku database security system.

Tech Info

Intelligent Heroku Protection

Heroku is a reliable cloud Platform-as-a-Service (PaaS) solution and it requires some additional tools to guarantee protection from hacking attacks and attempts of privilege abuse.

First steps of DataSunrise deployment include intelligent analysis of typical queries targeted to Heroku database. Learning mechanisms are flexible and can be adjusted to your corporate needs. According to set learning rules, DataSunrise creates a list of SQL statements that are used on a daily basis. Later this list will be used to detect suspicious activity and block attack attempts.

Installed as a proxy, Heroku database firewall by DataSunrise intercepts all incoming and outgoing traffic and filtrates transactions according to pre-set security rules. Potentially dangerous sources of transactions will be disconnected from the server or their session will be closed depending on what is chosen in the rule settings.

database firewall

Real-Time Heroku Security

SQL injection has become popular among hackers. There is even free software that automatizes the process of exploiting SQL injection vulnerabilities. Create a blocking rule and protect a Heroku web server from injections of different techniques (Boolean-based, time-based, error-based, UNION-query-based, stacked-query-based). Settings for the rule targeted to block SQL injections include the following parameters: penalties for comments, Or, UNION statements, double queries, keyword in comments, constant expressions.

Blocking rules are easily configurable. There is an opportunity to block queries from certain IP addresses or host names or set the firewall to block queries targeted to certain database elements, or filtrate selected types of SQL statements.

There is a helpful option to notify via SMTP or SNMP when a certain query doesn’t match security policy and triggers a corresponding rule.

DataSunrise is a tool that helps to address the HIPAA, SOX, PCI DSS requirements and can be used along with SIEM systems. Heroku database firewall developed by DataSunrise will help you manage security system and simplify the process of finding potential database vulnerabilities.

Related Articles