Forum Discussion

Nimbostratus

Oct 26, 2015

Apply ASM attack signatures to URLs?

Hi, Is it possible to apply ASM attack signatures detection to URLs? This is the scenario I am trying to solve: 1) Assume we have a RESTFul web service that returns user details given a use...

ASM Advanced WAF

security

Dan_Markhasin_1

Nimbostratus

Oct 27, 2015

The thing about meta characters is that none of the characters used in the SQL Injection attack are actually invalid. They are all legitimate characters that can be found in URLs, especially in APIs that support ODATA filters - theoretically, for such APIs we can rely on ASM detecting the actual SQL Injection (since they do look like ?$filter='whatever'), but this is a level of micro-management of the policy that I am not very reluctant to get into just yet...

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)