Forum Discussion

Nimbostratus

May 22, 2013

SQL-INJ "drop Schema" reporting in ASM 11.3

All, In our 11.3 ASM, we triped an attack signiture detected for the following. Looking to understand why this registered? I see schema included as part of the parameter value, but is tha...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

May 24, 2013

Hi Lazar,

The signature is looking for drop and schema and a fairly complex regex. It's not just looking for those two key words.

If you're seeing false positives on just one parameter, I'd disable the signature on a new global parameter with that name. If you're seeing false positives on several parameters, you could disable the signature across the policy.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)