TEC Workbook - IBM
<strong>IBM</strong> Software<br />
The processing policy should now look like the following image.<br />
__5. Click the Apply Policy button to make your changes active.<br />
__6. In the soapUI request window, load the request from c:\labs\requests\missingDp.xml.<br />
Notice that the brand is missing the word “DataPower”.<br />
__7. Click the green submit button to POST the request to MyServiceProxy. You should receive a<br />
SOAP fault with an error message as shown in the following image.<br />
2.5.1 SQL Injection Threat Filtering<br />
SQL Injection is an attack technique used to exploit Web sites and services that construct SQL<br />
statements from user-supplied input. For example, assume that a web service expects a SOAP request<br />
containing a element used for looking up a customer.<br />
<br />
<br />
KAPLAN<br />
<br />
<br />
The Web service uses an SQL statement with substitution parameters similar to the following SQL<br />
snippet:<br />
SELECT * FROM EMPLOYEE WHERE LASTNAME = ?<br />
After the substitution takes place, the resultant SQL statement will be:<br />
SELECT * FROM EMPLOYEE WHERE LASTNAME = 'KAPLAN'<br />
However, if the value submitted in the element contained a malicious SQL injection threat, it<br />
may look like this:<br />
<br />
<br />
KAPLAN' OR '1'='1<br />
<br />
<br />
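The effect of the two submitted values above on the EMPLOYEE lookup, as an added example that is not part of the original workbook: it contrasts building the statement by text substitution with binding the value as a parameter. Python's sqlite3 module stands in for the web service's database, and the DEPT column, the sample rows and the function names are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the EMPLOYEE table and LASTNAME column come from the page,
# the DEPT column is an assumption added so the rows have something to return.
ROWS = [("KAPLAN", "Sales"), ("NGUYEN", "Finance"), ("OKAFOR", "Audit")]


def make_db():
    """Create an in-memory database holding the constructed EMPLOYEE rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EMPLOYEE (LASTNAME TEXT, DEPT TEXT)")
    db.executemany("INSERT INTO EMPLOYEE VALUES (?, ?)", ROWS)
    return db


def lookup_by_text_substitution(db, last_name):
    """Vulnerable form: the submitted value is pasted into the statement text."""
    sql = "SELECT * FROM EMPLOYEE WHERE LASTNAME = '" + last_name + "'"
    return sql, db.execute(sql).fetchall()


def lookup_by_bound_parameter(db, last_name):
    """Hardened form: the driver binds the value, so it is only compared as data."""
    sql = "SELECT * FROM EMPLOYEE WHERE LASTNAME = ?"
    return sql, db.execute(sql, (last_name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The two values shown on the page: the normal lookup and the injected one.
    for value in ("KAPLAN", "KAPLAN' OR '1'='1"):
        for fn in (lookup_by_text_substitution, lookup_by_bound_parameter):
            sql, rows = fn(db, value)
            print(f"{fn.__name__}({value!r})")
            print(f"  statement: {sql}")
            print(f"  rows returned: {len(rows)}")
```

With text substitution the second value closes the string literal and the OR clause becomes part of the WHERE condition, so every row matches; with a bound parameter the same value matches no LASTNAME.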
Page 44 WebSphere Lab Jam