Forum Discussion

paul_dawson_258's avatar
paul_dawson_258
Icon for Nimbostratus rankNimbostratus
Jun 01, 2016

SQL Injection marked as informational

Hi Guys,

 

I'm not sure why but ASM is picking up the attack signature as SQL Injection but marking it as informational. Any ideas?

 

 

2 Replies

  • If you go to Security>>Options: Application Security: Advanced Configuration: Violations List, what is the severity level assigned to Attack Signatures? You can click on Attack Signatures to see it.

     

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    Paul,

     

    Is the Request Informational because it's a legal request i.e. the Green Tick. This would suggest the signature(s) are in Staging. Once out of Staging the request becomes Illegal and the Severity should change accordingly.

     

    N