You can add SQL injection rules to audit your databases.
Prerequisites
- You have purchased a database audit instance and the Status is Running.
- You have added a database and enabled database audit.
- A database has been added.
Procedure
- Log in to the management console.
- Click Add Rule and configure parameters.Figure 1 Adding an SQL injection rule
Table 1 SQL injection rule parameters Parameter
Description
Example Value
Name
Name of an SQL rule.
Postal Code SQL injection Rule
Risk Level
Level of risks matching a SQL rule. Its value can be:
- High
- Moderate
- Low
- No risk
Moderate
Status
Enables or disables an SQL injection rule.
: enabled
: disabled
Test Regular Expression
Regular expression that checks for content in certain pattern.
^\d{6}$
Data
Content that matches the regular expression.
Enter content and click Test to verify that the regular expression works properly.
628307
Result
Test result. It can be:
- Hit
- MissNOTE:
If the test result is Hit, the regular expression is correct.
If the test result is Miss, the regular expression is incorrect.
Hit
- Confirm the information and click OK.