Forum Discussion

Nimbostratus

Apr 20, 2016

Adding parameters to a vulnerability

Hi all, What do you think is the best method to add different parameters to a known vulnerability. The scenario is that my vulnerability scanner detects an SQL Injection on the paramter "us...

ASM Advanced WAF

security

mortoj_167568

Altocumulus

Jun 22, 2016

One way would be: First verify you have the SQLi name in the Attack Signature Set you have configured for your security policy. If it's in your Signature Set then Application Security -> Parameters -> Parameter List -> Create (Create Parameter named "id") After entering the parameter criteria, there are three 'tabs' "Data Type" "Value Meta Characters" "Attack Signatures" Go into the "Attack Signatures" tab. You should see a box to the right that says "Global Security Policy Settings" with a list of Attack Signatures from your Signature Set. Below that box is a search box. Type in a portion of your SQLi name. If you find it, move it over to the left using the << Set the state to "Disable" - This will manually disable the chosen Attack Signature for the specific parameter.

This is one way to manually do what you're asking.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)