F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Wasfi_182818's avatar
Wasfi_182818
Icon for Altostratus rankAltostratus
Apr 04, 2017

SQL attack signatures, are they enough to prevent an attack?

Hi;   In a form, the value for parameter Last Name can be   Last Name: Brown' OR '1'='1' which is a pattern that matches an attack signature. However, if I make this Last Name: Brown' OR '1'>...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 05, 2017

Wasfi, where Attack Signature protections end, by adding positive security you can make up any shortfalls. In your example, if you configure the Last Name parameter in the policy you can then restrict metacharacters, for example the single quote ', so ASM would block your second example with "illegal metacharacter in parameter value" and not require an Attack Signature.

 

Hope this helps,

 

N