Hello Team,
I am currently using "Protect against SQL attack" for URL path and URL parameters.
I have selected Standard SQL Injection Attack Protection in the assertion.
My valid request looks like below.
https://<hostname>/v1/exampleData?SourceName=’test’&Period=’2016-11-08'
So, whenever I receive a request with url path as /v1/exampleData?## or url param as ?SourceName=’te'st’&Period=’2016#-11-08', I expect these requests to get rejected. But they are passing through without failing.
If I select, Invasive SQL Injection Attack Protection, my valid request also fails due to presence of quotes.
I appreciate if anyone can provide guidance on how to rectify this issue.
Regards,
Saidawali