Recently, Team82 introduced the technique for bypassing Web Application Firewalls (WAFs) by using JSON syntax in SQL injections (SQLi). This technique takes advantage of the fact that major SQL databases support JSON functions and operators, but WAFs do not inspect SQLi for JSON syntax.

We have tested this attack technique on the Wallarm solution and confirmed that our deep request inspection capability with support for JSON formats reliably mitigates advanced SQLi that use JSON syntax.

At Wallarm, we take the security of your infrastructure seriously, providing strong protection against modern threats.