Imperva Cyber Community

SQL Injection Protection Practice (On-premise WAF)

  • 1.  SQL Injection Protection Practice (On-premise WAF)

    Posted 03-18-2021 16:15

    Apart from:
    - Default security policies
    - Keeping latest ADC updates
    - Activate "ThreatRadar - SQL Injection IPs" feed

    What else do you recommend for an on-premise WAF to defend against SQL injection attacks?
    Please share some insights with me or let me benefit from your experiences.


    Louis Tsoi
    Technical Specialist
    Cyberforce Limited

  • 2.  RE: SQL Injection Protection Practice (On-premise WAF)
    Best Answer

    Posted 29 days ago
    Hi @Louis Tsoi,

    In my experience, protection against SQLi is input validation.
    You can use a Profile policy to enforce unauthorized application parameters and their values based on input type for each URL/path of your application.
    Dynamic Profiling automatically learns your application's behavior, including user/application input, and lets you enforce a "whitelist security model" policy, which is called a Profile policy.

    Hope this helps.

    Worachat Sarsa
    Exclusive Networks TH
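
The whitelist model described in the answer above, as an added Python sketch that is not part of the thread and is not Imperva's implementation: it learns, per URL path, which parameters appear and what value class and length they take, then reports any request that departs from that profile. The value classes, function names and sample URLs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Value classes, strictest first; each is a subset of the next (constructed for this sketch).
CLASSES = [("numeric", re.compile(r"\d*")),
           ("alnum", re.compile(r"[A-Za-z0-9]*")),
           ("text", re.compile(r"[A-Za-z0-9 _.,@-]*"))]

def classify(value):
    """Return the index of the strictest class matching value, or None."""
    for rank, (_, rx) in enumerate(CLASSES):
        if rx.fullmatch(value):
            return rank
    return None

def learn(urls):
    """Build {path: {param: (class_rank, max_len)}} from known-good requests."""
    profile = defaultdict(dict)
    for url in urls:
        parts = urlsplit(url)
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            rank = classify(value)
            if rank is None:
                continue  # never widen the profile to fit an unclassifiable value
            old_rank, old_len = profile[parts.path].get(key, (0, 0))
            profile[parts.path][key] = (max(old_rank, rank), max(old_len, len(value)))
    return profile

def violations(profile, url):
    """List the ways a request departs from the learned profile (empty = allowed)."""
    parts = urlsplit(url)
    known = profile.get(parts.path)
    if known is None:
        return [f"unknown path {parts.path}"]
    found = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key not in known:
            found.append(f"unknown parameter {key}")
            continue
        rank, max_len = known[key]
        if len(value) > max_len:
            found.append(f"{key}: longer than learned maximum {max_len}")
        if not CLASSES[rank][1].fullmatch(value):
            found.append(f"{key}: not {CLASSES[rank][0]}")
    return found

# Constructed learning traffic, not taken from any real application.
LEARNED = learn(["/item?id=42", "/item?id=1007", "/search?q=blue+shoes"])
```

Here `violations(LEARNED, "/item?id=12%27")` returns `['id: not numeric']`, because `id` was only ever seen as digits, while `/item?id=7` returns an empty list. A production profile also needs a review step before learned values are enforced, since anything hostile seen during learning would otherwise be whitelisted.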