Forum Discussion

Oscar77's avatar
Oscar77
Icon for Nimbostratus rankNimbostratus
Dec 22, 2021

F5 OWASP Top Ten Rules, no working NoSQL Injection properly

Hi there, if we do a postman POST request to our Api with the next one body in the request:   { "link": { "$ne": null } },   The request is passing using Mentioned...
AWS
F5 Rules for AWS WAF
security
  • Mohamedfaizur's avatar
    Mohamedfaizur
    Jan 14, 2022

    Hi Oscar77,

    OWASP ruleset has been updated with all our recent NoSQL signatures, covering the example mentioned above and more. Please test again with latest ruleset and let us know the result

    Thanks

    Mohamedfaizur

  • Mohamedfaizur's avatar
    Mohamedfaizur
    Jan 20, 2022

    Hi,

    The types of NoSQL injection signatures we have are all the popular operands, similar to $gt which stands for "greater than" and $lt for "less than". We cannot list all the different operands we're searching for due to security concerns.

    Thanks

    Mohamedfaizur

     

Oscar77's avatar
Oscar77
Icon for Nimbostratus rankNimbostratus

Hi,

 

We are thinking about to stop using F5 rules in all of multiple environments, because we are worried about a poorly fast support from F5, is a pitty because we loved to use it, but is useless if we cannot obtain support if we need it.

Mohamedfaizur's avatar
Mohamedfaizur
Icon for Employee rankEmployee
Jan 12, 2022

Hi Oscar77,

Sorry for late reply. I am working with backend team. I will update asap

Thanks

Mohamedfaizur