For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Recently, news and research about WAF bypass technique using JSON-based SQL syntax are making rounds in the interwebs. Claroty have published their research on this topic. https://claroty.com/t...

Published Dec 16, 2022

Version 1.0

f5 sirt

security

ArvinF

SIRT

I'm Arvin, Security Engineer with the F5SIRT

View Profile

ArvinF

SIRT

Jan 09, 2023

Update:

The attack signatures have been reclassified as Medium Accuracy in the 29 Dec 2022 Attack Signature update and is now part of the Medium Accuracy attack signature set. The signatures are still part of the SQL Injection Attack Signature set.

"OR" POSTGRE JSON attack signature"AND" POSTGRE JSON attack signaturePOSTGRE JSON SQL Injection Attack Signature

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS