FortiWeb
faical
Staff
Article Id 335179
Description

This article describes how to enable FortiWeb to block SQL injection attempts carried in a JSON HTTP request body.

Scope

FortiWeb.
Solution

The signature profile on its own does not detect SQL injection inside a JSON body. For FortiWeb to scan and block JSON requests, a JSON Protection policy must be added to the Web Protection Profile. Configure a JSON Protection Profile with the Signature Detection option enabled (see the screenshot below) and assign it to the Web Protection Profile. No JSON rule is needed unless further customization of API access is desired.

[Screenshot: enable_JSON_protection.jpeg]


Attack logs:

[Screenshot of the attack logs: Json_Alog.png]


Note: To detect XML injection in an XML body, enable Signature Detection under the XML Protection settings, in the same way that Signature Detection must be enabled under the JSON Protection settings to detect SQL injection in a JSON body.
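The following Python script is an added, illustrative example and is not FortiWeb code or configuration. It models the gap the Solution section describes: a signature scan that only understands URL-encoded form parameters never looks inside a JSON body, so the same injection string that would be caught in a form field passes unseen in JSON. Walking the parsed JSON tree and applying the signatures to every string leaf (which is what enabling Signature Detection on the JSON Protection Profile achieves on the appliance) closes that gap. The signature patterns, request bodies and function names are all constructed for the demonstration.

```python
"""Illustrative detection example (added; not FortiWeb's engine or configuration).

Shows why a signature scan limited to form-encoded parameters misses a SQL
injection carried inside a JSON request body, and how parsing the JSON and
inspecting every string leaf exposes it to the same signatures.
"""
import json
import re
from urllib.parse import parse_qs

# Constructed, deliberately small SQL-injection signatures (illustrative only;
# a real WAF signature set is far broader).
SQLI_SIGNATURES = [
    re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.IGNORECASE),    # ' OR 1=1
    re.compile(r"union\s+(all\s+)?select\b", re.IGNORECASE),  # UNION SELECT
    re.compile(r";\s*drop\s+table\b", re.IGNORECASE),         # ; DROP TABLE
]


def matches_signature(value: str) -> bool:
    """Return True if any signature matches the given string value."""
    return any(sig.search(value) for sig in SQLI_SIGNATURES)


def iter_json_strings(node, path="$"):
    """Yield (json_path, string) for every string leaf in a parsed JSON tree,
    descending through nested objects and arrays."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from iter_json_strings(child, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, child in enumerate(node):
            yield from iter_json_strings(child, f"{path}[{idx}]")
    elif isinstance(node, str):
        yield path, node


def scan_form_params_only(content_type: str, body: str) -> list:
    """Models a signature scan that only understands form-encoded parameters.
    Returns the names of parameters that matched a signature."""
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return []  # a JSON body is opaque to this scan: nothing is inspected
    hits = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if matches_signature(value):
                hits.append(name)
    return hits


def scan_with_json_inspection(content_type: str, body: str) -> list:
    """Same signatures, but JSON bodies are parsed and each string leaf is
    inspected. Returns the JSON paths (or parameter names) that matched."""
    if content_type.startswith("application/json"):
        try:
            doc = json.loads(body)
        except json.JSONDecodeError:
            return ["<malformed-json>"]  # malformed JSON is itself worth flagging
        return [path for path, s in iter_json_strings(doc) if matches_signature(s)]
    return scan_form_params_only(content_type, body)


# Constructed sample requests carrying the same injection string in a form
# field and in a nested JSON value.
FORM_REQUEST = ("application/x-www-form-urlencoded",
                "user=admin&pw=x%27+OR+1%3D1")
JSON_REQUEST = ("application/json",
                '{"user": "admin", "filters": [{"field": "pw", "value": "x\' OR 1=1"}]}')

if __name__ == "__main__":
    print("form-only scan, form body:  ", scan_form_params_only(*FORM_REQUEST))
    print("form-only scan, JSON body:  ", scan_form_params_only(*JSON_REQUEST))
    print("JSON-aware scan, JSON body: ", scan_with_json_inspection(*JSON_REQUEST))
```

Running the script shows the form-only scan flagging `pw` in the form request but returning nothing for the JSON request, while the JSON-aware scan reports `$.filters[0].value`. The path-style result mirrors what an attack log needs to be useful: not just that a signature fired, but which field in the body triggered it.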