Hi @Dino-at-Google, @Dino
We are creating a security check shared flow, such that the flow needs to protect the service from the following criteria:
SQL Injection Threat Protection:
Regex exp- alter|create|delete|(drop\stable)|(truncate\stable)|exec(ute){0,1}|(insert\s*into)
Injection Threat Protection
Regex exp- (?=./)(?=.(<\sscript\b[^>]>[^<]+<\s*.+\s*[s][c][r][i][p][t]\s*>))
ServerSide Include Injection Threat Protection:
Regex exp-
Path Syntax Injection Threat Protection:
Regex exp- (?=.(\b(ancestor|ancestor-or-self|attribute|child|descendant|descendant-or-self|following|following-sibling|namespace|parent|preceding|preceding-sibling|self)\b[\s]::))(?=.*(\=))
Please suggest the best practices.
What policies do we need to use apart from JSON & XML threat protection?
Regards,
Ashwith
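
An added example (not part of the original post, and not Apigee's own code) that runs the SQL injection pattern exactly as posted over constructed sample values, next to a hypothetical word-bounded variant, to show how many ordinary values each would reject. The variant, the sample strings and the case-insensitive matching are assumptions.

```python
import re

# Pattern exactly as posted in the question (SQL injection check).
POSTED = r"alter|create|delete|(drop\stable)|(truncate\stable)|exec(ute){0,1}|(insert\s*into)"

# Hypothetical tightened variant (not from the post): same keywords, but each
# must stand as a whole word, so substrings of ordinary words no longer match.
BOUNDED = r"\b(?:alter|create|delete|drop\stable|truncate\stable|exec(?:ute)?|insert\s*into)\b"

# Constructed sample parameter values: ordinary API traffic ...
BENIGN = [
    "alternate delivery address",
    "executive summary Q3",
    "recreated after migration",
    "undeleted items folder",
    "please create my account",
]
# ... and constructed values containing the statements the post names.
SUSPICIOUS = [
    "x'; drop table users",
    "1; truncate table audit_log",
    "0; insert into roles values (1)",
]

def flagged(pattern, values):
    """Return the values the pattern matches anywhere (case-insensitive, an assumption)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [v for v in values if rx.search(v)]

def report():
    """Per pattern: benign values wrongly rejected and suspicious values caught."""
    rows = {}
    for name, pat in (("posted", POSTED), ("bounded", BOUNDED)):
        rows[name] = {
            "false_positives": flagged(pat, BENIGN),
            "detected": flagged(pat, SUSPICIOUS),
        }
    return rows

if __name__ == "__main__":
    for name, row in report().items():
        print(name, "rejects", len(row["false_positives"]), "of", len(BENIGN),
              "benign values, flags", len(row["detected"]), "of", len(SUSPICIOUS), "suspicious")
        for v in row["false_positives"]:
            print("   benign value rejected:", v)
```

Both patterns flag the three constructed statements, but the word-bounded variant still rejects an ordinary sentence that contains "create", so keyword matching of this kind needs to be scoped to the fields where such words are never legitimate.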