Parameter Protection defends web applications from attacks sent inside URL parameters.
Parameters that contain special characters might have SQL or HTML tagging expressions embedded in them. Embedded SQL keywords like OR
, SELECT
, or UNION
in a parameter, or system commands such as xp_cmdshell
can exploit web application vulnerabilities. These attack patterns can be configured in Parameter Protection, and if a web request parameter matches, the request is not processed.