Forum Discussion

pravinmeshram's avatar
pravinmeshram
Icon for Nimbostratus rankNimbostratus
Dec 09, 2022

Is F5 WAF support JSON syntax in their SQL injection inspection process.

Is F5 WAF support JSON syntax in their SQL injection inspection process.
application delivery
  • Amine_Kadimi's avatar
    Amine_Kadimi
    Dec 09, 2022

    Json is just a way to represent data using a specific string formatting standard. In short any json is a string.

    In the other hand, F5 checks string inputs against signature matches, so sql injection can be detected in any string input.

    Putting this together, F5 waf can detect malicious data in json inputs.

    If this is not what you are asking for, could you provide further details? 

Cyber_JCCP's avatar
Cyber_JCCP
Icon for Nimbostratus rankNimbostratus
Dec 14, 2022

Hey guys, this might help clarify the issue on topic.

link: Original Claroty Security research post by Noam Moshe - The articule by Claroty that all news outlets refer to. At the end of the articule there is a small bit where it says that AWS and F5 already have created/updated their product to block the technique.

link: F5 SIRT acknowledgement to Noam Moshe of Claroty Research - Here are the Signature IDs created to block the technique. You can check them on the link: F5 Attack sigs Security Details page. Just copy paste the Sig IDs and you will see a bit more detail on them.

 

Hope this helps.