Forum Discussion

Nimbostratus

Apr 20, 2016

Adding parameters to a vulnerability

Hi all, What do you think is the best method to add different parameters to a known vulnerability. The scenario is that my vulnerability scanner detects an SQL Injection on the paramter "us...

ASM Advanced WAF

security

Albert_252822

Nimbostratus

Apr 25, 2016

Hi mortoj, you are right. Attack signatures are not checked when the parameter type is defined because parameter values which don't match with the defined type aren't even evaluated, the request is rejected before that. I've tested it and it works in this way. The big question is what type of configuration is better to apply when you know your parameter has to be an integer value and also you know it's vulnerable to a specific vulnerability. My guess is that is better to define the "Data Type" so this parameter will be "protected" against more vulnerabilities...

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)