Parameter Protection defends web applications from attacks sent inside URL parameters.
Parameters that contain special characters might have SQL or HTML tagging expressions embedded in them. Embedded SQL keywords like
UNION in a parameter, or system commands such as
xp_cmdshell can exploit web application vulnerabilities. These attack patterns can be configured in Parameter Protection, and if a web request parameter matches, the request is not processed.