Layer7 API Management

  • 1.  Gateway Security Testing

    Posted Jun 27, 2018 09:01 AM

    I am looking for test data for the below security testing of REST services. Could you please provide test data for each?

    1. Protect against code injection [URL Path or URL query string]

    2. Protect against SQL attacks [Request Body or URL query string]

    3. Cross-site scripting



  • 2.  Re: Gateway Security Testing

    Posted Jun 28, 2018 03:43 AM

    For the URL path, I published a service /security/*

    While sending a request from SoapUI, I edited the URL as follows: "/security/'1". Below is the output from the SSG log:

    2018-06-28T13:04:47.271+0530 WARNING 60343 com.l7tech.server.policy.assertion.ServerCodeInjectionProtectionAssertion: 7166: PHP eval Injection detected in Request URL path "/security/'1": /security/'1

     

    Let me see if I can find answers for the other requested items.



  • 3.  Re: Gateway Security Testing

    Posted Jun 28, 2018 07:09 AM

    I added a parameter blah.asp?n='DROP TABLE SSG&n=Deep

    The output from my log:

     

    2018-06-28T16:37:34.853+0530 WARNING 60374 com.l7tech.server.policy.assertion.ServerCodeInjectionProtectionAssertion: 7153: PHP eval Injection detected in Request URL parameter "blah.asp?n='DROP TABLE SSG&n=Deep": query

    2018-06-28T16:37:34.853+0530 INFO    60374 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service security [b8e7c63cf72e281de2909f67759a13cc] resulted in status 400 (Bad Request)



  • 4.  Re: Gateway Security Testing

    Posted Jun 28, 2018 07:14 AM

    For the SQL message body:

    Anywhere in the message body, insert exec sp_abc

    The output from my logs:

    2018-06-28T16:42:01.071+0530 WARNING 60372 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7215: SqlMeta detected in Request message body: ------=_Part_42_967347820...

    2018-06-28T16:42:01.071+0530 WARNING 60372 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7204: Request was flagged by Protect Against SQL Attacks Assertion

    2018-06-28T16:42:01.072+0530 INFO    60372 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service security [b8e7c63cf72e281de2909f67759a13cc] resulted in status 400 (Bad Request)



  • 5.  Re: Gateway Security Testing
    Best Answer

    Posted Jun 28, 2018 07:24 AM

    For the SQL query string:

    Added parameter 1 = 1/blah.asp?n='DROP TABLE SSG&n=xyz

    Below is the output from the logs:

     

    2018-06-28T16:52:44.483+0530 WARNING 60382 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7214: SqlMeta detected in Request URL parameter "1": ... = 1/blah.asp?n='DROP TABLE SSG&n=xyz

    2018-06-28T16:52:44.483+0530 WARNING 60382 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7204: Request was flagged by Protect Against SQL Attacks Assertion

    2018-06-28T16:52:44.483+0530 INFO    60382 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service security [b8e7c63cf72e281de2909f67759a13cc] resulted in status 400 (Bad Request)



  • 6.  Re: Gateway Security Testing

    Posted Jun 28, 2018 07:45 AM

    I am not aware of any test data for cross-site scripting. The last time, I remember using the Burp tool for this. If you check online, you should be able to find out how to use Burp to check for cross-site scripting.
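
Added example, not part of the thread and not Layer7 code: a small Python checker that reads gateway log lines in the format quoted in the replies above and pairs each assertion detection with the policy outcome logged for the same request, so a test run can confirm a request was rejected rather than only flagged. It assumes the number after the log level identifies the request's thread, and the field layout is inferred only from the lines in this thread.

```python
import re
from collections import defaultdict

# Log lines copied from the replies in this thread.
SAMPLE_LOG = """\
2018-06-28T13:04:47.271+0530 WARNING 60343 com.l7tech.server.policy.assertion.ServerCodeInjectionProtectionAssertion: 7166: PHP eval Injection detected in Request URL path "/security/'1": /security/'1
2018-06-28T16:42:01.071+0530 WARNING 60372 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7215: SqlMeta detected in Request message body: ------=_Part_42_967347820...
2018-06-28T16:42:01.071+0530 WARNING 60372 com.l7tech.server.policy.assertion.ServerSqlAttackAssertion: 7204: Request was flagged by Protect Against SQL Attacks Assertion
2018-06-28T16:42:01.072+0530 INFO    60372 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service security [b8e7c63cf72e281de2909f67759a13cc] resulted in status 400 (Bad Request)
"""

# timestamp, level, thread id (assumed), logger class, message id, message text
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?P<tid>\d+)\s+"
    r"(?P<logger>[\w.]+): (?P<code>\d+): (?P<msg>.*)$")
DETECTED = re.compile(
    r"^(?P<rule>.+?) detected in Request "
    r"(?P<where>URL path|URL parameter|message body)")
OUTCOME = re.compile(
    r"Policy evaluation for service (?P<svc>\S+) \[\w+\] "
    r"resulted in status (?P<status>\d+)")

def correlate(log_text):
    """Pair assertion detections with the policy outcome on the same thread id."""
    pending = defaultdict(list)  # tid -> detections still waiting for an outcome
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a gateway log line in the expected layout
        tid, msg = m["tid"], m["msg"]
        logger = m["logger"].rsplit(".", 1)[-1]
        hit, out = DETECTED.match(msg), OUTCOME.search(msg)
        if hit and logger.endswith("Assertion"):
            pending[tid].append((logger, hit["rule"], hit["where"]))
        elif out and logger == "MessageProcessor":
            results.append({"tid": tid, "service": out["svc"],
                            "status": int(out["status"]),
                            "detections": pending.pop(tid, [])})
    # Detections with no outcome line: the excerpt does not show the rejection.
    for tid, dets in pending.items():
        results.append({"tid": tid, "service": None, "status": None,
                        "detections": dets})
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r["tid"], r["status"], r["detections"])
```

An entry whose status is None means the log excerpt contains the detection warning but no MessageProcessor line, so the response code for that test request still has to be checked.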