STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide

Version: 1 Release: 1 Benchmark Date: 25 Jan 2016

To protect against data mining, the DataPower Gateway providing content filtering as part of its intermediary services must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code.

DISA Rule

SV-79743r1_rule

Vulnerability Number

V-65253

Group Title

SRG-NET-000319-ALG-000153

Rule Version

WSDP-AG-000080

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Search Bar “Processing Rule” >> processing rule >> Rule Action “+” >> Action Type “Filter”.

In the filter action, specify that the provided XSL stylesheet, store:///SQL-Injection-Filter.xsl, be used for the transform.

For the injection pattern file, specify store:///SQL-Injection-Patterns.xml, or specify the following name-value pair for the stylesheet parameters:

Name: {http://www.datapower.com/param/config}SQLPatternFile
Value: store:///SQL-Injection-Patterns.xml

Check Contents

Search Bar “Processing Rule” >> Processing rule.

If “Rule Action” does not contain a “Filter” action, this is a finding.
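The check above can be scripted against a configuration export. The following is an added example, not part of the STIG or of IBM's tooling; it goes beyond the check by also verifying the stylesheet and pattern file named in the Fix Recommendation. The element names (`StylePolicyRule`, `StylePolicyAction`, `Actions`, `Type`, `Transform`, `StylesheetParameters`) and the sample export are assumptions and should be adjusted to match the actual export.

```python
import xml.etree.ElementTree as ET

FILTER_XSL = "store:///SQL-Injection-Filter.xsl"
PATTERN_PARAM = "{http://www.datapower.com/param/config}SQLPatternFile"
PATTERN_FILE = "store:///SQL-Injection-Patterns.xml"

# Constructed sample export. Element names are assumptions, not from the page.
SAMPLE_EXPORT = """<configuration>
  <StylePolicyAction name="sqli-filter">
    <Type>filter</Type>
    <Transform>store:///SQL-Injection-Filter.xsl</Transform>
    <StylesheetParameters>
      <ParameterName>{http://www.datapower.com/param/config}SQLPatternFile</ParameterName>
      <ParameterValue>store:///SQL-Injection-Patterns.xml</ParameterValue>
    </StylesheetParameters>
  </StylePolicyAction>
  <StylePolicyAction name="other-filter">
    <Type>filter</Type><Transform>local:///custom-filter.xsl</Transform>
  </StylePolicyAction>
  <StylePolicyAction name="map">
    <Type>xform</Type><Transform>local:///map.xsl</Transform>
  </StylePolicyAction>
  <StylePolicyRule name="orders"><Actions>sqli-filter</Actions><Actions>map</Actions></StylePolicyRule>
  <StylePolicyRule name="billing"><Actions>other-filter</Actions></StylePolicyRule>
  <StylePolicyRule name="legacy"><Actions>map</Actions></StylePolicyRule>
</configuration>"""

def grade_action(action):
    """Return None (not a filter), 'review' (filter, other settings) or 'ok'."""
    if (action.findtext("Type") or "").strip() != "filter":
        return None
    params = {(p.findtext("ParameterName") or "").strip(): (p.findtext("ParameterValue") or "").strip()
              for p in action.iter("StylesheetParameters")}
    uses_xsl = (action.findtext("Transform") or "").strip() == FILTER_XSL
    return "ok" if uses_xsl and params.get(PATTERN_PARAM) == PATTERN_FILE else "review"

def audit(export_xml):
    """Map each processing rule name to 'ok', 'review' or 'finding'."""
    root = ET.fromstring(export_xml)
    grades = {a.get("name"): grade_action(a) for a in root.iter("StylePolicyAction")}
    report = {}
    for rule in root.iter("StylePolicyRule"):
        seen = {grades.get((ref.text or "").strip()) for ref in rule.iter("Actions")}
        # No filter action at all is the finding condition in Check Contents.
        report[rule.get("name")] = "ok" if "ok" in seen else "review" if "review" in seen else "finding"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_EXPORT).items():
        print(f"{name}: {status}")
```

A `review` result means a Filter action exists, so the rule passes the check as written, but it does not use the stylesheet and pattern file from the Fix Recommendation.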

Documentable

False

Check Content Reference

M

Target Key

2859
