Forum Discussion

Altostratus

Apr 04, 2017

SQL attack signatures, are they enough to prevent an attack?

Hi; In a form, the value for parameter Last Name can be Last Name: Brown' OR '1'='1' which is a pattern that matches an attack signature. However, if I make this Last Name: Brown' OR '1'>...

ASM Advanced WAF

security

nathe

Cirrocumulus

Apr 05, 2017

Wasfi, where Attack Signature protections end, by adding positive security you can make up any shortfalls. In your example, if you configure the Last Name parameter in the policy you can then restrict metacharacters, for example the single quote ', so ASM would block your second example with "illegal metacharacter in parameter value" and not require an Attack Signature.

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SQL attack signatures, are they enough to prevent an attack?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Portal Access Application URI - ERR_EMPTY_RESPONSE

iRule, Traffic Policy or Re-Write Policy

ASM subsystem error

F5 iRule Reverse Proxy, rewrite, redirect

Ssl profile different in case of retry

Related Content

Custom Attack Signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

NGINX App Protect v5 Signature Notifications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS