Forum Discussion
SSHSSH_97332
Nimbostratus
NimbostratusSQL Injection at a demo
Through a ASM demo , i wanted to simulate SQL injection attakec to show the customer Logs & reports . buit i found that attack was not detected ( even i used all attack signatures at the policy )
i tired to login to a Web page of a switch behind ASM with the below :
' or 1=1--
hoolioCirrostratus
Hi SSHSSH,
Do you have the SQL injection attack signatures enabled in the ASM policy and out of staging? If so, this attack should be caught.
Aaron
SSHSSH_97332i used all attacks at the policy , if it is in staging it should be logged under reports > charts? right ? how to make sure it is out of staging ?- nathe
Cirrocumulus
SSHSSH
You can check a couple of ways to see if a sig is in staging. Firstly, go to Attack Signatures on the left hand menu and then select Policy Attack Signatures. This will show all the signatures for the selected web application. If you change the filter to Custom you should be able to select In Staging - Yes and this will list all sigs within this web app that are in staging.
Second way is under Policy Building - click on Manual and I believe under the Traffic Learning section if you have sigs in staging you will have a link called "Attack signature staging" - if you click on this it will show up details of violations triggered against sigs in staging.
This is 9.4.8 ASM so may be slightly different depending on your version.
Hope this helps.
N