The Protect Against Code Injection assertion provides threat protection against code injection attacks targeting web services and Web applications, including AJAX applications. Use this assertion to protect against the following threats:
You may experience performance issues with this selection.
This assertion can help protect vulnerable parameters in the path (or URI) of the URL, in addition to the URL query string and message body.
To learn about selecting the target message for this assertion, see Select a Target Message.
Configure the properties as follows.
|Apply protection to:||
Specify where to apply the protection:
Select one or more injection threats to protect against. Point at each option to see a description of the protection offered. The assertion will fail upon the first protection violation detected.
This assertion checks for injection of any executable code, not just malicious code. This is because it is not always possible to determine which code is malicious or benevolent. Be especially careful when using this protection on responses, because returned HTML often contains legitimate uses of the restricted tags.