SQL Injection flagged when 403 Forbidden

huisheng

1. Hi, I'm scanning a site with F-Secure Radar.
2. It keep flagging SQL Injection High even though the response is: HTTP/1.1 403 Forbidden (our apps detect invalid input and response 403)
3. Here is a video showing what I meant:

f-secure-sql-injection-403-forbidden.zip

1. We have two same apps in two different servers.
2. However, only one of the server is having this issue.
3. Is there something we set wrongly for the scan?

Thanks.

huisheng

Please note the URL we use to scan is locked down to our IP.

Not sure if this will impact the scanning and produce false positive?

James Chang

Hi huisheng,

I suggest to submit a support request so we can investigate further with our product team

huisheng

Hi James, how do I submit a support request?

Is there an email?

Thanks.

James Chang

Hi huisheng

Please fill in the form here - https://www.f-secure.com/en/business/support-and-downloads/support-request