Hi,
We want to secure our APIs from cross-site scripting, SQL injection and validating the JSON request before sending it to the backend. Are there any out-of-the-box policies for the above security measures?
I know APIGEE has JSON threat protection OOB, but can we extend it? Please let me know if there are extensions available for SQL injection, cross-site scripting etc.
Thanks
Hi @Ram,
You cannot extend the pre-built policies. That is what the extension policies are designed to handle.
However, for your use case, it would seem sensible to use multiple protection policies. First, to help with checking the JSON payload, yes, leverage the JSON Protection Policy. The next policy in the flow should be the Regular Expression Protection policy. RegEX Protection Policy is how we recommend checking for SQL injection, Script Injection, etc.
Here's a link: RegEX Protection Policy
Please let me know if you have any further comments. If I have answered your question, please click accept.
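The two-policy chain described in the answer above, sketched as an added example that is not part of the original thread: a JSON Threat Protection policy followed by a Regular Expression Protection policy in the proxy request PreFlow. The policy names, the size limits, the `q` query parameter, the `$.comment` JSON field and the patterns themselves are assumptions chosen for illustration.

```xml
<!-- policies/JSON-Threat-Protection.xml: structural limits on the request body.
     Limit values are assumed; size them to your own payloads. -->
<JSONThreatProtection name="JSON-Threat-Protection">
  <Source>request</Source>
  <ContainerDepth>10</ContainerDepth>
  <ArrayElementCount>20</ArrayElementCount>
  <ObjectEntryCount>15</ObjectEntryCount>
  <ObjectEntryNameLength>50</ObjectEntryNameLength>
  <StringValueLength>500</StringValueLength>
</JSONThreatProtection>

<!-- policies/Regex-Protection.xml: rejects the request when a pattern matches.
     Patterns are illustrative; '<' and '>' must be XML-escaped inside <Pattern>. -->
<RegularExpressionProtection name="Regex-Protection">
  <Source>request</Source>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <!-- hypothetical query parameter "q" -->
  <QueryParam name="q">
    <!-- SQL keywords commonly seen in injection attempts -->
    <Pattern>(?i)[\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))</Pattern>
  </QueryParam>
  <JSONPayload>
    <JSONPath>
      <!-- hypothetical free-text field in the request body -->
      <Expression>$.comment</Expression>
      <!-- inline script element -->
      <Pattern>(?i)&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*/\s*script\s*&gt;</Pattern>
    </JSONPath>
  </JSONPayload>
</RegularExpressionProtection>

<!-- In the ProxyEndpoint: structure check first, then content patterns -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>JSON-Threat-Protection</Name></Step>
    <Step><Name>Regex-Protection</Name></Step>
  </Request>
  <Response/>
</PreFlow>
```

Pattern matching at the gateway only filters known-bad input; the backend should still use parameterized queries and encode output. Broad keyword patterns such as `update` or `\bor\b` will also match ordinary text, so test them against real traffic before enforcing.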
Hey Ram,
Take a look at the articles linked in this community answer. Mukundha provided some great resources for tackling these types of security concerns.
Thanks Robert and kengilbert for the inputs! I will look into the OOB policies.