SQL Injection (SQLi)


The SQL Injection (SQLi) Dashboard is provided for each protected application. It consists of two views:
1. Vulnerabilities Overview
2. Tuning

# Vulnerabilities Overview
----
The first page of the SQLi Dashboard provides a table with the full list of all vulnerabilities reported by the agent.

A vulnerability is a trace of application execution captured in the call stack, which is available in the vulnerability details view. On the overview page, each vulnerability is represented by the route and method responsible for the execution of the response.

The vulnerabilities overview provides a list of all vulnerabilities reported since IMMUNIO was first installed.

Each vulnerability is represented with the following information:
* *Route* targeted by the reported SQL statement
* *Code Location ID* where the vulnerability exists in the code
* *Protection Mode* applied for this route; it shows as Normal when IMMUNIO is functioning properly
* Whether new SQL structures were detected for this route (*New*)
* When the most recent SQLi threat was raised for this route (*Last Occurred*)

# Tuning Overview
----
The Tuning section shows information on manually learned SQL transactions.

* *Route* targeted by the tuned SQL statement
* *Code Location ID* where the vulnerability exists in the code
* *Protection Mode* applied for this route; it shows as Normal when IMMUNIO is functioning properly
* *Disabled Algos* basic check algorithms disabled via the Basic Check Config panel
* When the most recent SQLi threat was raised for this route (*Updated at*)

# SQL Injection Vulnerability Details
----
The Vulnerability Details page shows additional information about individual requests that induced the reported behavior, including runtime parameters and stack trace information about that request, as well as options to tune those events if desired.

At the top of the page is the Protection Policy for the Code Location. The policies are:
* *Basic* IMMUNIO monitors for obvious anomalies in the code and will raise an attack if a sensor is triggered
* *Advanced* IMMUNIO will learn and compare structures and will raise an attack if the detected structure is different from the expected structures
* *Disabled* Disable detection and protection for that code location

Basic Check Config: Enable and disable basic check algorithms

Learn and Compare Expected Structures: Query structures learned by accepting the structure

Occurrences:
Overview of HTTP requests that induced the same application behavior over time, sorted by the query that triggered the alert and by number of occurrences.

Occurrence Details:
Specific information about the selected Occurrence from the left-hand panel.

Protection:
Indicates whether protection was enabled at the time the event occurred.

Timestamp:
Day and time when the selected event occurred.

URL:
URL that was targeted with the HTTP request for this occurrence.

Vulnerability Trigger:
Indicates which algorithm triggered the alert.

***

Detected Query:
Sanitized version of the query employed in the reported request.

Stacktrace:
Full execution trace that represents the vulnerability.

# SQL Injection Tuning
----
If IMMUNIO detects suspicious SQL requests that were not recorded in the Analysis Mode phase, and the request is valid, you can update the sensors during vulnerability review.

The following Tuning Options are available:

Disable Basic Check (Basic Mode):
Turn off the basic check algorithms to stop the sensor from triggering an alert.

Accept this structure (Advanced Mode):
Learn this specific SQL structure, so that future requests employing this structure are allowed and no longer reported.
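
An illustration of the learn-and-compare idea behind the Advanced policy and the "Accept this structure" tuning option, added here as an example; it is not IMMUNIO's algorithm or code. The tokenizer, the `StructureSensor` class and the `loc-1` code location are hypothetical, and the queries are constructed samples.

```python
import re

# Hypothetical tokenizer: string literals, numbers, comments, words, then any single symbol.
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')            # single-quoted literal ('' is an escaped quote)
  | (?P<num>\b\d+(?:\.\d+)?\b)         # numeric literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)    # line or block comment
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)   # keyword or identifier
  | (?P<sym>\S)                        # operator or punctuation
""", re.VERBOSE | re.DOTALL)

def structure(sql):
    """Reduce a query to its shape: literals become '?', words are upper-cased."""
    shape = []
    for m in _TOKEN.finditer(sql):
        if m.lastgroup in ("str", "num"):
            shape.append("?")
        elif m.lastgroup == "comment":
            shape.append("<comment>")
        else:
            shape.append(m.group().upper())
    return tuple(shape)

class StructureSensor:
    """Keeps the set of expected query structures for each code location."""
    def __init__(self):
        self.expected = {}  # code location id -> set of accepted structures

    def accept(self, location, sql):
        """Tuning step: learn this query's structure for one code location."""
        self.expected.setdefault(location, set()).add(structure(sql))

    def check(self, location, sql):
        """Return True when the structure was not learned for this location."""
        return structure(sql) not in self.expected.get(location, set())

def demo():
    # Constructed sample queries for a hypothetical code location "loc-1".
    sensor = StructureSensor()
    sensor.accept("loc-1", "SELECT name FROM users WHERE id = 42")
    same_shape = sensor.check("loc-1", "select name from users where id = 7")
    changed = sensor.check("loc-1", "SELECT name FROM users WHERE id = 7 OR 1=1")
    new_valid = "SELECT name FROM users WHERE id = 7 AND active = 1"
    before = sensor.check("loc-1", new_valid)   # valid but never learned: reported
    sensor.accept("loc-1", new_valid)           # reviewer accepts the structure
    after = sensor.check("loc-1", new_valid)    # same structure is now allowed
    return same_shape, changed, before, after
```

Only the literal values are abstracted away, so a request that changes a parameter value keeps the learned shape, while input that adds operators, clauses or comments produces a new shape and is reported until someone accepts it.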