SQL Injection Prevention
Prophaze WAF deployed wide range of methods into its core algorithm to block generic and advanced SQL injection attacks where not-sanitised user inputs is used to inject SQL commands which can disclose system Information and data leakage. The most common sql injection methods blocked are.
- SQL comment sequence
- SQL hex sequence
- SQL String Termination
- SQL Operators Blocking
- Blocks SQL Tautologies
- Blocks Common Database Names
- Blind SQL injection Blocking
- Injection Character anomaly blocking
- Injection Payload Blocking
- MSSQL specific signatures
- SQL Integer overflow
- SQL sleep command exploit
- Prevents conditional SQL injection
- MySQL character switch injection
- SQL Authentication Bypass
- pg_sleep injection
- Chained SQL Injection
- Stored procedure Injection
- UDF Injection using data structure manipulation
- Concatenated SQL Injection
