Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Recently, news and research about WAF bypass technique using JSON-based SQL syntax are making rounds in the interwebs. Claroty have published their research on this topic. https://claroty.com/t...

Published Dec 16, 2022

Version 1.0

f5 sirt

Security

ArvinF

SIRT

Joined May 23, 2019

View Profile

ArvinF

SIRT

Jan 09, 2023

Update:

The attack signatures have been reclassified as Medium Accuracy in the 29 Dec 2022 Attack Signature update and is now part of the Medium Accuracy attack signature set. The signatures are still part of the SQL Injection Attack Signature set.

"OR" POSTGRE JSON attack signature"AND" POSTGRE JSON attack signaturePOSTGRE JSON SQL Injection Attack Signature

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS