Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Recently, news and research about WAF bypass technique using JSON-based SQL syntax are making rounds in the interwebs. Claroty have published their research on this topic. https://claroty.com/t...

Published Dec 16, 2022

Version 1.0

f5 sirt

security

ArvinF

SIRT

I'm Arvin, Security Engineer with the F5SIRT

View Profile

ArvinF

SIRT

Jan 08, 2023

Update:

The attack signatures have been reclassified as Medium Accuracy in the 29 Dec 2022 Attack Signature update and is now part of the Medium Accuracy attack signature set. The signatures are still part of the SQL Injection Attack Signature set.

"OR" POSTGRE JSON attack signature"AND" POSTGRE JSON attack signaturePOSTGRE JSON SQL Injection Attack Signature

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS