Security Shared flow

Hi @Dino-at-Google, @Dino

We are creating a security check shared flow, such that the flow needs to protect the service against the following criteria:

SQL Injection Threat Protection:

Regex exp- alter|create|delete|(drop\\s*table)|(truncate\\s*table)|exec(ute){0,1}|(insert\\s*into)

Injection Threat Protection

Regex exp- (?=.*/)(?=.*(<\\s*script\\b[^>]*>[^<]+<\\s*.+\\s*[s][c][r][i][p][t]\\s*>))

ServerSide Include Injection Threat Protection:

Regex exp- <!--\\s*#\\s*(include|exec|echo|config|printenv|fsize).*-->

Path Syntax Injection Threat Protection:

Regex exp- (?=.*(\\b(ancestor|ancestor-or-self|attribute|child|descendant|descendant-or-self|following|following-sibling|namespace|parent|preceding|preceding-sibling|self)\\b[\\s]*::))(?=.*(\\=))

Please suggest the best practices.

What policies do we need to use apart from JSON & XML threat protection?

Regards,

Ashwith

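To see how the four patterns from the post behave before wiring them into a RegularExpressionProtection policy, here is an added example (not part of the original post or of Apigee's own code) that runs them over a few constructed inputs. It assumes the doubled backslashes shown above are the escaped form of a single backslash, and it uses Python's `re` module rather than the Java regex engine Apigee uses, so only the pattern semantics are compared, not the policy itself.

```python
import re

# The four patterns as posted, with "\\s" read as a single "\s" (assumption).
PATTERNS = {
    "sql": r"alter|create|delete|(drop\s*table)|(truncate\s*table)|exec(ute){0,1}|(insert\s*into)",
    "xss": r"(?=.*/)(?=.*(<\s*script\b[^>]*>[^<]+<\s*.+\s*[s][c][r][i][p][t]\s*>))",
    "ssi": r"<!--\s*#\s*(include|exec|echo|config|printenv|fsize).*-->",
    "xpath": (
        r"(?=.*(\b(ancestor|ancestor-or-self|attribute|child|descendant|"
        r"descendant-or-self|following|following-sibling|namespace|parent|"
        r"preceding|preceding-sibling|self)\b[\s]*::))(?=.*(\=))"
    ),
}


def scan(value, ignore_case=False):
    """Return the sorted names of every pattern that fires on `value`.

    `ignore_case` mirrors adding an inline (?i) flag to the pattern; the
    patterns as posted are case-sensitive.
    """
    flags = re.IGNORECASE if ignore_case else 0
    return sorted(name for name, pat in PATTERNS.items() if re.search(pat, value, flags))


# Constructed sample values, as a request parameter or body fragment would carry them.
SAMPLES = {
    "lowercase sql keyword": "id=1; drop table users",
    "uppercase sql keyword": "id=1; DROP TABLE users",
    "benign word containing 'alter'": "an alternative plan",
    "script tag pair": "<script>alert(1)</script>",
    "ssi directive": '<!--#include virtual="/footer.html" -->',
    "xpath axis with comparison": "/users/parent::*[name='x']",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        # Show the default (case-sensitive) result next to the case-insensitive one.
        print(f"{label:32} {scan(value)!s:12} ignore_case={scan(value, ignore_case=True)}")
```

Two things the run makes visible: the SQL pattern misses the uppercase form unless the policy's pattern is made case-insensitive, and it matches ordinary words such as "alternative" because `alter` has no word boundary, so expect false positives on free-text fields.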