Forum Discussion
Is F5 WAF support JSON syntax in their SQL injection inspection process.
- Dec 09, 2022
Json is just a way to represent data using a specific string formatting standard. In short any json is a string.
In the other hand, F5 checks string inputs against signature matches, so sql injection can be detected in any string input.
Putting this together, F5 waf can detect malicious data in json inputs.
If this is not what you are asking for, could you provide further details?
The accepted answer does not really answer the poster was looking for, see below link, is the F5 currently susceptable to this JSON syntax attack?
https://securityaffairs.co/wordpress/139445/hacking/web-application-firewalls-waf-bypass.html
The original question was general, so was the answer.
Attackers or researchers crafting specific attack patterns that could bypass the WAF is something not uncommon. This is why signatures updates are there for. And this is not specific to json inputs.
- chrissaintDec 14, 2022Nimbostratus
Are you an actual support representative? Or just being combative for fun?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com