Imperva Cyber Community

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

Hello Shashank,

On the MX GUI, navigate to Policies > Security.
Locate the Web Correlation Policy, and under this section, you'll find the SQL Injection Policy.

You can enable or apply this policy to protect against SQL injection attacks.

Best regards,
Raunak

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

we are in version 14.19 DAM SeS  and i don't see these policies Web Correlation Policy in your mentioned path . please check and advise

Hello Shashank,

On the MX GUI, navigate to Policies > Security.
Locate the Web Correlation Policy, and under this section, you'll find the SQL Injection Policy.

You can enable or apply this policy to protect against SQL injection attacks.

Best regards,
Raunak

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

Hi Shashank,

You may use signatures which are provided as a part of ADC since they will consist of signatures pertaining to SQLi attack.

Regards,

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

Thanks community for your updates, Recommended signature policy for database applications,  Shall i enable this policy to protect against sql injection attacks, if yes then this policy gives a lot of false positive and difficult to fine tune it.

Hi Shashank,

You may use signatures which are provided as a part of ADC since they will consist of signatures pertaining to SQLi attack.

Regards,

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.

Hi Shashank,

If you use out of the box security policy, then it will be difficult to apply exclusion or exception criteria. That is why we mentioned that you can use the signatures pertaining to Oracle databases which are provided as a part of ADC and add them in your custom security policy.

Regards,

Thanks community for your updates, Recommended signature policy for database applications,  Shall i enable this policy to protect against sql injection attacks, if yes then this policy gives a lot of false positive and difficult to fine tune it.

Hi Shashank,

You may use signatures which are provided as a part of ADC since they will consist of signatures pertaining to SQLi attack.

Regards,

We have a DAM Implemented on Oracle servers and i want to apply Sql Injection alerts on the same, can somebody help me on the same, if anyone has applied this capability already in their system with very less FP.