
reno-svenska

https://medyassine098.github.io/reno-svenska

# SQL Threat Protection

SQL is used to interact with relational databases. In modern web-based development, the content and behavior of many applications are built on top of data stored in database servers. That data is exposed to consumers through RESTful interfaces, which makes the system vulnerable to SQL injection attacks, in which malicious commands are sent to the database via the web services. The main backdoor entry to the database is unsanitized input data.

In SAP HANA Cloud Platform, API management, the JavaScript policy can be used to identify SQL threats in either the input payload or the query parameters. This can be achieved with a regex that checks whether the user is passing SQL commands such as drop, create, delete table, … via either the input query parameters or the input payload.

If an error is detected, the Raise Fault policy can be used to return a 403 Forbidden status code to the end user.
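The regex check described above, written as a standalone function; this is an added example, not the sample's own policy script. The name `detectSqlThreat`, the pattern list (which goes beyond drop/create/delete to cover a few other statement shapes) and the input shapes are assumptions; in a policy, the inputs would come from the request and a `blocked` result would trigger the Raise Fault policy.

```javascript
// Added example: patterns are illustrative, not the sample's own rule set.
const SQL_PATTERNS = [
  /\b(?:drop|create|alter|truncate)\s+(?:table|database|schema|view)\b/i,
  /\bdelete\s+from\b/i,
  /\binsert\s+into\b/i,
  /\bunion\s+(?:all\s+)?select\b/i,
  /['"]\s*(?:or|and)\s+['"]?\w+['"]?\s*=\s*['"]?\w+/i, // quote followed by OR x=x
];

// Percent-decode repeatedly (bounded) so double-encoded input is also inspected.
function normalize(value) {
  let text = String(value).replace(/\+/g, " ");
  for (let i = 0; i < 3; i++) {
    try {
      const decoded = decodeURIComponent(text);
      if (decoded === text) break;
      text = decoded;
    } catch (e) { break; } // malformed escape: inspect what we have so far
  }
  // Collapse SQL block comments so they cannot split a keyword pair.
  return text.replace(/\/\*[\s\S]*?\*\//g, " ");
}

// Collect every string leaf from a parsed JSON payload.
function stringLeaves(node, out = []) {
  if (typeof node === "string") out.push(node);
  else if (node && typeof node === "object") {
    for (const child of Object.values(node)) stringLeaves(child, out);
  }
  return out;
}

// Returns { blocked, location, pattern } for the first match, else { blocked: false }.
function detectSqlThreat(queryParams, rawBody) {
  const candidates = Object.entries(queryParams || {}).map(
    ([name, value]) => ({ location: "query:" + name, value })
  );
  if (rawBody) {
    let leaves;
    try { leaves = stringLeaves(JSON.parse(rawBody)); }
    catch (e) { leaves = [rawBody]; } // not JSON: scan the raw text
    leaves.forEach((value) => candidates.push({ location: "payload", value }));
  }
  for (const { location, value } of candidates) {
    const text = normalize(value);
    const hit = SQL_PATTERNS.find((re) => re.test(text));
    if (hit) return { blocked: true, location, pattern: hit.source };
  }
  return { blocked: false };
}
```

Keyword matching of this kind is a screening layer at the gateway; parameterized queries in the backend are what actually prevent injection.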

How to use the sample