Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Dec 09, 2022

Is F5 WAF support JSON syntax in their SQL injection inspection process.

Is F5 WAF support JSON syntax in their SQL injection inspection process.

application delivery

Amine_Kadimi
Dec 09, 2022
Json is just a way to represent data using a specific string formatting standard. In short any json is a string.

In the other hand, F5 checks string inputs against signature matches, so sql injection can be detected in any string input.

Putting this together, F5 waf can detect malicious data in json inputs.

If this is not what you are asking for, could you provide further details?

Icon for Altocumulus rank

Altocumulus

I guess, the question was related to this article
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
which implies that F5 can't detect sql injection in any string.

Icon for Nimbostratus rank

Nimbostratus

Dec 12, 2022

Yes it is

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming