From IBM DataPower ALG Security Technical Implementation Guide
Part of SRG-NET-000318-ALG-000014
Associated with: CCI-002346
Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to prevent attacks launched against organizational information from unauthorized data mining may result in the compromise of information.
Search Bar “Processing Rule” >> Processing rule. If “Rule Action” does not contain a “Filter” action, this is a finding.
Search Bar “Processing Rule” >> Processing rule >> Rule Action “+” >> Action Type “Filter”. In the filter action, specify that the provided XSL stylesheet, store:///SQL-Injection-Filter.xsl, be used for the transform. For the injection pattern file, specify store:///SQL-Injection-Patterns.xml, or specify the following name-value pair for the stylesheet parameters: Name: {http://www.datapower.com/param/config}SQLPatternFile Value: store:///SQL-Injection-Patterns.xml
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer