Forum Discussion

SSHSSH_97332's avatar
SSHSSH_97332
Icon for Nimbostratus rankNimbostratus
Jan 24, 2012

SQL Injection at a demo

Through a ASM demo , i wanted to simulate SQL injection attakec to show the customer Logs & reports . buit i found that attack was not detected ( even i used all attack signatures at the policy )

i tired to login to a Web page of a switch behind ASM with the below :

 

' or 1=1--

 

 

 

 

 

 

 

  • Hi SSHSSH,

     

     

    Do you have the SQL injection attack signatures enabled in the ASM policy and out of staging? If so, this attack should be caught.

     

     

    Aaron
  • i used all attacks at the policy , if it is in staging it should be logged under reports > charts? right ? how to make sure it is out of staging ?
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    SSHSSH

     

     

    You can check a couple of ways to see if a sig is in staging. Firstly, go to Attack Signatures on the left hand menu and then select Policy Attack Signatures. This will show all the signatures for the selected web application. If you change the filter to Custom you should be able to select In Staging - Yes and this will list all sigs within this web app that are in staging.

     

     

    Second way is under Policy Building - click on Manual and I believe under the Traffic Learning section if you have sigs in staging you will have a link called "Attack signature staging" - if you click on this it will show up details of violations triggered against sigs in staging.

     

     

    This is 9.4.8 ASM so may be slightly different depending on your version.

     

     

    Hope this helps.

     

     

    N