SQL Threat Protection
The role of this interceptor is to block SQL Injection attacks in the calls to an API accessing a database.
Although the SQL Threat Protection interceptor may be inserted in the response flow of an API as well, it is essential that you place it in the request flow, since the attacks mentioned occur in the direction client ⇒ backend.
To configure the interceptor, you must choose at least one of the options of blocks to be protected. When inserted in the request flow, these are the options:
-
Body: the interceptor applies protection to the body of the request;
-
Headers: it applies protection to all headers, checking each one separately;
-
Query Params: it checks parameter by parameter to search for attacks.
-
Cookies: it applies protection to all cookies, checking each one separately;
-
Path Params: it checks parameter by parameter for attacks.
When also inserted in the response flow, there are two other options to select:
-
Body: the interceptor applies protection to the body of the response;
-
Headers: it applies protection to all headers, checking each one separately.
If all options are selected, validations will occur in the following sequence:
-
Request: Query Params, Body, Headers, Cookies, Path Params.
-
Response: Body, Headers.
Errors
If a SQL Injection attack is identified, the following errors will be returned:
Fields | Error | HTTP Code Request | HTTP Code Response |
---|---|---|---|
Body |
SQL Injection attack identified in this API Body |
400 |
500 |
Headers |
SQL Injection attack identified in this API Headers |
400 |
500 |
Query Params |
SQL Injection attack identified in this API Query Params |
400 |
- |
Cookies |
SQL Injection attack identified in this API Cookies |
400 |
- |
Path Params |
SQL Injection attack identified in this API Path Params |
400 |
- |
Share your suggestions with us!
Click here and then [+ Submit idea]