Q: What mechanisms does digiRunner use to prevent SQL Injection attacks?
A: digiRunner implements basic SQL injection checks directly at the gateway level to ensure API security.
How it works:
The system uses a lightweight safeguard designed to block requests containing specific risky characters known to be associated with common injection attacks. Specifically, the gateway inspects traffic and blocks inputs containing:
Single quotes (')
Semicolons (;)
Important Security Note: These checks serve as a first line of defense against obvious attack attempts. However, digiRunner is not a substitute for a full-featured Web Application Firewall (WAF).
For comprehensive protection against advanced or complex SQL injection threats, we strongly recommend a layered defense strategy: combine digiRunner with a dedicated WAF or infrastructure-level security controls.
