How do I handle Cross-Site Scripting (XSS) and SQL Injection at the API proxy level? Are there custom policies that exist to handle these 2 vulnerabilities?
Yes, you can. There are already several articles on this topic; check them out.
Nice answer!
@Mukundha Madhavan, thank you!! I got the answer for how to handle SQL Injection.
I believe there is little detail about the policy for Cross-Site Scripting (XSS). I see a thread for API Vulnerabilities, but it would be great to have more details for XSS from a policy perspective. Thank you for your help!!
Similar to SQL injection: from an API perspective, it is important to sanitize the input parameters. Look here for detecting script patterns in the policy, specifically JavaScript injection. As mentioned in the other articles, there are several solutions to handle this at different parts of the stack.
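As an added illustration (not from the answer above or from the linked articles), here is what a RegularExpressionProtection policy that applies both the SQL-injection pattern and the `<script>` pattern to request inputs can look like. Two things to keep in mind: the policy file is XML, so a raw `<` inside `<Pattern>` is not well-formed and must be written as `&lt;` (escaping `>` as `&gt;` is optional but harmless); and on a match the policy raises a fault and the request is rejected rather than "sanitized". The policy name, the parameter names (`q`, `User-Agent`, `$.comment`) and the two patterns are assumptions for the example; the patterns are illustrative blocklists, not a complete XSS or SQLi defense, and output encoding in the backend or client is still required.

```xml
<RegularExpressionProtection async="false" continueOnError="false" enabled="true" name="RegexProtect-XSS-SQLi">
    <DisplayName>RegexProtect-XSS-SQLi</DisplayName>
    <!-- Inspect the inbound request before it reaches the target -->
    <Source>request</Source>
    <!-- Do not fail the policy just because a referenced variable is absent -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>

    <!-- Example query parameter (name "q" is an assumption). Several
         <Pattern> elements may be listed; any match rejects the request. -->
    <QueryParam name="q">
        <!-- Illustrative SQL-injection keywords -->
        <Pattern>[\s]*((delete)|(exec)|(drop\s*table)|(insert)|(shutdown)|(update)|(\bor\b))</Pattern>
        <!-- The <script>...</script> pattern, XML-escaped so the policy file stays well-formed -->
        <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*/\s*script\s*&gt;</Pattern>
    </QueryParam>

    <!-- Headers can be checked the same way (header name is an assumption) -->
    <Header name="User-Agent">
        <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*/\s*script\s*&gt;</Pattern>
    </Header>

    <!-- For JSON bodies, point a JSONPath expression at the field to check
         ("$.comment" is an assumed field name) -->
    <JSONPayload>
        <JSONPath>
            <Expression>$.comment</Expression>
            <Pattern>&lt;\s*script\b[^&gt;]*&gt;[^&lt;]+&lt;\s*/\s*script\s*&gt;</Pattern>
        </JSONPath>
    </JSONPayload>
</RegularExpressionProtection>
```

Attach the policy as a step in the proxy's request PreFlow so it runs on every request. Note what the script pattern does and does not catch: it matches a complete `<script ...>body</script>` pair and nothing else, so a payload that relies on an event-handler attribute or on an unterminated tag will pass, which is why this belongs in front of, not instead of, proper encoding at the backend.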
Thanks @Mukundha Madhavan.
I see this JavaScript pattern: <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*> here. But how do I use it in the <Pattern> tag in the "Regular Expression Protection" policy? Am I referring to the right policy? If I use either <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*> or <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>, the Pattern tag does not accept this JavaScript pattern. Can you guide me on this?
Thank you for this; the fourth link appears to be broken. Any chance you have the updated link?
I do understand it has been more than 2 years, just checking 🙂