Issue
Does Imunify360 protect server from Cross-site scripting (XSS) and SQL injection attacks?
Environment
- Imunify360
- ModSecurity
Solution
- Cross-site scripting (XSS) is a security exploit that allows an attacker to inject malicious client-side code into a website. This code is executed in the victims' browsers and lets the attacker bypass access controls and impersonate users.
- SQL injection takes advantage of web applications that fail to validate user input. Attackers can pass SQL commands through the web app for execution by the backend database.
While Imunify360's ModSecurity ruleset contains related rules, protection against XSS and SQL injection as such is currently not a top priority for Imunify360, since these attacks target website visitors rather than servers. The existing rules are, in general, meant to address more complex attacks involving privilege escalation, so some XSS and SQL injection scenarios are covered. In addition, when a known attack is trending, specific rules are added to prevent it. More generic XSS/SQLi rules, however, would lead to a high rate of false-positive detections, which we are trying to avoid.
Therefore, protection against XSS and SQL injection should be implemented at the web application code level, as the necessary measures depend on the website code and may be unique to each case.
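As an added illustration of the application-level measures this article refers to (example code, not Imunify360's own; the `users` table, its columns and the sample rows are constructed), the vulnerable form of a database lookup and of an HTML render are shown next to their hardened counterparts, using a bound parameter for the query and output escaping for the page:

```python
import html
import sqlite3

# Constructed in-memory stand-in for a site's user store (not from the article).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)")
    conn.executemany(
        "INSERT INTO users (name, bio) VALUES (?, ?)",
        [("alice", "likes <b>bold</b> text"), ("bob", "plain bio")],
    )
    conn.commit()
    return conn

def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the visitor-controlled value is spliced into the SQL text,
    # so a quote character in it changes the structure of the query.
    sql = f"SELECT name, bio FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: the value is passed as a bound parameter, separately from the
    # SQL text, so the database can only ever treat it as data to compare.
    return conn.execute(
        "SELECT name, bio FROM users WHERE name = ?", (name,)
    ).fetchall()

def render_bio_unsafe(bio: str) -> str:
    # Vulnerable: stored user content is written into the HTML verbatim, so any
    # markup it contains becomes part of the page served to other visitors.
    return f"<p class='bio'>{bio}</p>"

def render_bio_safe(bio: str) -> str:
    # Hardened: escape for the HTML text context at output time; the browser
    # then shows the characters instead of interpreting them as markup.
    return f"<p class='bio'>{html.escape(bio, quote=True)}</p>"

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # classic test string, used only to show the difference
    print("unsafe:", find_user_unsafe(db, probe))  # returns every row
    print("safe:  ", find_user_safe(db, probe))    # returns no rows
    print(render_bio_safe("<script>alert(1)</script>"))
```

The escaping shown covers HTML text and attribute values only; a value placed into a URL, a JavaScript block or a CSS rule needs the encoder for that context.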
In addition, it is possible to add custom ModSecurity rules according to this guide.