ITWire

{JS-ON: Security-OFF}: Abusing JSON-based SQL to bypass WAF

GUEST RESEARCH: Web application firewalls (WAF) are designed to safeguard web-based applications and APIs from malicious external HTTPs traffic, most notably cross-site scripting and SQL injection ...
CSOonline

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for ...