Imperva Cyber Community

  • 1.  SQL Injection Protection Practice (On-premise WAF)

    Posted 03-18-2021 16:15
    Hi,

    Apart from:
    - Default security policies
    - Keeping latest ADC updates
    - Activate "ThreatRadar - SQL Injection IPs" feed

    What else do you recommend on the on-premise WAF for defending against SQL injection attacks?
    Please share some insights with me or let me benefit from your experiences.

    Thanks.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Louis Tsoi
    Technical Specialist
    Cyberforce Limited
    Kowloon
    ------------------------------


  • 2.  RE: SQL Injection Protection Practice (On-premise WAF)
    Best Answer

    Posted 03-20-2021 22:27
    Hi @Louis Tsoi,

    From my experience, protection against SQLi is input validation.
    You can use a Profile policy to enforce unauthorized application parameters and their values based on input type for each URL/path of your application.
    Dynamic Profiling automatically learns your application's behavior, including user/application input, and lets you enforce a "whitelist security model" policy, which is called a Profile policy.

    Hope this helps.

    ------------------------------
    Worachat Sarsa
    SE
    Exclusive Networks TH
    Huaykwang
    ------------------------------
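
The allowlist model described in the answer above, as an added example that is not part of the thread and is not Imperva's implementation: a profile of parameter names and value types is learned per URL from known-good requests, then enforced. The type names, patterns, paths and sample traffic are assumptions constructed for the illustration.

```python
import re

# Value types from tightest to loosest; each one is a superset of the one before.
# The type names and patterns are assumptions made for this example.
TYPES = [
    ("numeric", re.compile(r"[0-9]+")),
    ("alnum", re.compile(r"[A-Za-z0-9]+")),
    ("text", re.compile(r"[A-Za-z0-9 _.,@-]+")),
]
PATTERN = dict(TYPES)
RANK = {name: i for i, (name, _) in enumerate(TYPES)}

def classify(value):
    """Return the tightest type that matches the whole value, or None."""
    for name, pattern in TYPES:
        if pattern.fullmatch(value):
            return name
    return None

def learn(samples):
    """Build {path: {param: type}} from known-good (path, params) requests."""
    profile = {}
    for path, params in samples:
        learned = profile.setdefault(path, {})
        for name, value in params.items():
            vtype = classify(value)
            if vtype is None:
                continue  # never widen the profile to fit an untyped value
            # Keep the loosest type seen so far for this parameter.
            learned[name] = max(learned.get(name, vtype), vtype, key=RANK.get)
    return profile

def check(profile, path, params):
    """Return the list of violations; an empty list means the request is allowed."""
    if path not in profile:
        return [f"unknown URL: {path}"]
    violations = []
    for name, value in params.items():
        expected = profile[path].get(name)
        if expected is None:
            violations.append(f"unknown parameter: {name}")
        elif not PATTERN[expected].fullmatch(value):
            violations.append(f"{name}: expected {expected}")
    return violations

# Constructed learning traffic for a hypothetical application.
SAMPLES = [("/item", {"id": "42"}), ("/item", {"id": "1007"}),
           ("/search", {"q": "blue shoes", "page": "2"}), ("/search", {"q": "laptop"})]
PROFILE = learn(SAMPLES)
```

A parameter learned as `numeric` rejects any value containing a quote or a space without needing an attack signature, and parameters or URLs never seen during learning are flagged as unknown.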