Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

SQL Injection marked as informational

paul_dawson_258
Nimbostratus
Nimbostratus

‎01-Jun-2016 06:30

Hi Guys,

 

I'm not sure why but ASM is picking up the attack signature as SQL Injection but marking it as informational. Any ideas?

 

0691T000006ApcUQAS.png

 

Labels:
0 Kudos
2 REPLIES 2

Erik_Novak
F5 Employee
F5 Employee

‎01-Jun-2016 07:11

If you go to Security>>Options: Application Security: Advanced Configuration: Violations List, what is the severity level assigned to Attack Signatures? You can click on Attack Signatures to see it.

 

0 Kudos

nathe
Cirrocumulus
Cirrocumulus

‎01-Jun-2016 07:12

Paul,

 

Is the Request Informational because it's a legal request i.e. the Green Tick. This would suggest the signature(s) are in Staging. Once out of Staging the request becomes Illegal and the Severity should change accordingly.

 

N

 

0 Kudos
Copyright © 2023 Khoros, LLC