How does the ProxySG appliance detect SQL injection attacks?
search cancel

How does the ProxySG appliance detect SQL injection attacks?


Article ID: 165940


Updated On:


ProxySG Software - SGOS


SGOS 6.5.2 introduced the Application Protection service. If you already have the Web Application Protections Subscription in 6.5.2 and later, the Application Protection is automatically available. Application Protection allows the ProxySG appliance to detect SQL injection attacks without the need to write and maintain content for detecting SQL injection. When you enable the feature, it downloads a database containing the latest SQL injection fingerprints, culled from real-world attacks.  

For more information, refer to the latest version of the following documents:

  • SGOS Administration Guide:
    • "Web Application Security" chapter discusses how to enable the service in the appliance Management Console and download the database to protect web applications from attacks. It also describes the content policy language (CPL) related to the feature. You can use CPL to prevent SQL injection, null-byte, invalid multi-part form, HTTP parameter pollution, and multiple encoding attacks.
  • Command Line Interface Reference describes the  #(config) application-protection command, which you use to enable or disable the service, and configure database download options.
  • Content Policy Language Reference describes the http.request.detection.injection.sql() action that supports this feature.
  • Visual Policy Manager Reference:
    •  "Web Content Policy Layer Reference" section discusses Web Content Layer and objects that support Application Protection. The layer and objects were introduced in SGOS 6.5.3.