Hi Team,

Can you please advise if we can implement XML Threat Protection in API Connect using datapower extension .I wanted to implement XML Threat Protection(SQL Injection) in API Connect but do not find any policy that supports it.Kindly help

Regards
Sadhana

------------------------------
Sadhana
------------------------------

Hi Sadhana,

DataPower implements SQL Injection threat protection via a stylesheet in store:///SQL-Injection-Filter.xsl which references store:///SQL-Injection-Patterns.xml.  The xml file is a sample that you are expected to modify to meet your needs.  For API Connect, you could have a xslt policy that would use the dp:transform extension function, passing your message.body as a payload.   If this is something that would need to be done for every transaction, you would need to do this xslt policy in a pre-request global policy.

Best Regards,

Steve

------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------

Original Message:
Sent: Fri October 21, 2022 03:35 PM
From: Sadhana Guduru
Subject: XML Threat Protection through DP Extension

Hi Team,

Can you please advise if we can implement XML Threat Protection in API Connect using datapower extension .I wanted to implement XML Threat Protection(SQL Injection) in API Connect but do not find any policy that supports it.Kindly help

Regards
Sadhana

------------------------------
Sadhana
------------------------------

Thank you Steve,
I will try and implement in APIC using XSLT

------------------------------
Sadhana Guduru
------------------------------

Original Message:
Sent: Tue October 25, 2022 09:08 AM
From: Steve Linn
Subject: XML Threat Protection through DP Extension

Hi Sadhana,

DataPower implements SQL Injection threat protection via a stylesheet in store:///SQL-Injection-Filter.xsl which references store:///SQL-Injection-Patterns.xml.  The xml file is a sample that you are expected to modify to meet your needs.  For API Connect, you could have a xslt policy that would use the dp:transform extension function, passing your message.body as a payload.   If this is something that would need to be done for every transaction, you would need to do this xslt policy in a pre-request global policy.

Best Regards,

Steve

------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM

Original Message:
Sent: Fri October 21, 2022 03:35 PM
From: Sadhana Guduru
Subject: XML Threat Protection through DP Extension

Hi Team,

Can you please advise if we can implement XML Threat Protection in API Connect using datapower extension .I wanted to implement XML Threat Protection(SQL Injection) in API Connect but do not find any policy that supports it.Kindly help

Regards
Sadhana

------------------------------
Sadhana
------------------------------