STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

To protect against data mining, the DataPower Gateway providing content filtering must prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.

DISA Rule

SV-79735r1_rule

Vulnerability Number

V-65245

Group Title

SRG-NET-000318-ALG-000151

Rule Version

WSDP-AG-000076

Severity

CAT II

CCI(s)

• CCI-002346 - The organization employs organization-defined data mining prevention techniques for organization-defined data storage objects to adequately protect against data mining.

Weight

10

Fix Recommendation

Search Bar “Processing Rule” >> processing rule >> Rule Action “+” >> Action Type “Filter”.

In the filter action, specify that the provided XSL stylesheet, store:///SQL-Injection-Filter.xsl, be used for the transform.

For the injection pattern file, specify store:///SQL-Injection-Patterns.xml, or specify the following name-value pair for the stylesheet parameters:

Name: {http://www.datapower.com/param/config}SQLPatternFile
Value: store:///SQL-Injection-Patterns.xml

Check Contents

Search Bar “Processing Rule” >> Processing rule.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Vulnerability Number

V-65245

Documentable

False

Rule Version

WSDP-AG-000076

Severity Override Guidance

Search Bar “Processing Rule” >> Processing rule.

If “Rule Action” does not contain a “Filter” action, this is a finding.

Check Content Reference

M

Target Key

2859

Comments