Sentry administrators who configure Sentry to protect against SQL injection may want to test the default definitions.
There are two regular expressions defined in the default "SQL_Injection" Pattern Match policy. Each is listed below with a sample string that triggers the policy.
1. \w*((\x27)|(\'))((\x6F)|o|(\x4F))((\x72)|r|(\x52))
The following string will trigger this: 'or
2. (?i)((\%27)|(\'))union
The following string will trigger this: 'union
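To check the default definitions before deploying them, the two expressions above can be run against a set of sample values. The following is an added example, not code from the Sentry product or this article; the sample strings are constructed, and it assumes the policy engine applies each expression as an unanchored search in a Perl-compatible regex dialect (confirm the match behaviour against Sentry itself).

```python
import re

# The two default "SQL_Injection" expressions, copied verbatim from the policy
# listing above. Names are assumed labels for this example only.
DEFAULT_PATTERNS = {
    "quote_or": r"\w*((\x27)|(\'))((\x6F)|o|(\x4F))((\x72)|r|(\x52))",
    "quote_union": r"(?i)((\%27)|(\'))union",
}

COMPILED = {name: re.compile(rx) for name, rx in DEFAULT_PATTERNS.items()}


def matching_patterns(value: str) -> list[str]:
    """Return the names of the default expressions that trigger on value.

    Assumes an unanchored search, as a gateway pattern match would do.
    """
    return [name for name, rx in COMPILED.items() if rx.search(value)]


# Constructed sample inputs (not from the article) with the expected result.
# They cover the article's own trigger strings, case variants, the URL-encoded
# quote that only the second expression accepts, and two benign values.
SAMPLES = {
    "'or": ["quote_or"],          # sample trigger from the article
    "'union": ["quote_union"],    # sample trigger from the article
    "'OR": ["quote_or"],          # \x4F / \x52 cover upper case O and R
    "%27UNION": ["quote_union"],  # (?i) plus the %27 alternative
    "%27or": [],                  # first expression has no %27 alternative
    "O'Reilly": [],               # apostrophe not followed by "or"
    "'orange'": ["quote_or"],     # benign quoted word still triggers
}


def evaluate(samples: dict[str, list[str]]) -> dict[str, list[str]]:
    """Return the samples whose actual result differs from the expectation."""
    return {
        value: matching_patterns(value)
        for value, expected in samples.items()
        if matching_patterns(value) != expected
    }


if __name__ == "__main__":
    for value, expected in SAMPLES.items():
        print(f"{value!r:14} -> {matching_patterns(value)}")
    print("unexpected results:", evaluate(SAMPLES))
```

Two points worth noting from the output: the first expression does not accept the `%27` encoding of the quote, so that form only triggers the `union` rule, and any apostrophe directly followed by "or" (as in a quoted word like 'orange') triggers the first rule, which is a false-positive case to weigh when tuning the policy.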
Further customization can be made to any of the default Pattern Match policies, either by modifying the default expressions or by adding additional expressions.
For more information on Pattern Match policies and on how to build a task list to apply a policy, see the attached Task Management Guide.