Injection Prevention
Detection of SQL injection and XSS in request input, and prevention of path traversal.
Requirements Coverage
REQ-SEC-002: Prevent open redirect attacks
REQ-SEC-004: Prevent error information disclosure
REQ-SEC-005: Prevent HTTP request smuggling
Test Examples
INJ-001 (BLOCKED)
SQL injection in state parameter blocked
Sample Request
curl 'https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth?'\
'response_type=code&client_id=myapp&state=abc%27%20OR%201%3D1--'
Expected Response
{"error":"access_denied","error_description":"Request blocked by security policy"}
INJ-002 (BLOCKED)
Path traversal blocked
Sample Request
curl --path-as-is 'https://keycloak-alg:8443/realms/myapp/../../admin/realms/master'
(--path-as-is keeps the ../ segments in the request line; without it curl resolves them client-side and the gateway never sees the traversal.)
Expected Response
{"error":"access_denied","error_description":"Request blocked by security policy"}
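As an added illustration (not keycloak-alg's own filtering code), the following Python reproduces the two checks exercised by INJ-001 and INJ-002 as a small request filter and runs it over the page's sample requests; the pattern list and the /realms/ path prefix are assumptions chosen for this example.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# The error body this page lists as the expected response for blocked requests.
BLOCKED = {"error": "access_denied",
           "error_description": "Request blocked by security policy"}

# Assumed, deliberately narrow heuristics: quote + boolean tautology, or a SQL comment.
SQLI_PATTERNS = [
    re.compile(r"['\"]\s*(or|and)\s+\S+\s*=\s*\S+", re.I),
    re.compile(r"(--|/\*|;\s*drop\b)", re.I),
]

def is_sqli(value: str) -> bool:
    """True if a decoded query-parameter value matches an injection pattern."""
    return any(p.search(value) for p in SQLI_PATTERNS)

def escapes_prefix(raw_path: str, allowed_prefix: str) -> bool:
    """True if the path carries dot segments or normalises outside the prefix."""
    decoded = unquote(raw_path)  # catches %2e%2e as well as a literal '..'
    if any(seg in ("..", ".") for seg in decoded.split("/")):
        return True
    return not posixpath.normpath(decoded).startswith(allowed_prefix)

def filter_request(url: str) -> Optional[dict]:
    """Return the block response, or None if the request may pass through."""
    parts = urlsplit(url)  # urlsplit does not resolve '..', so the raw path is inspected
    # Every query value is checked, not only 'state'; parse_qsl percent-decodes.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if is_sqli(value):
            return BLOCKED
    if escapes_prefix(parts.path, "/realms/"):  # assumed allowed prefix
        return BLOCKED
    return None

# The two sample requests from INJ-001 and INJ-002, plus a constructed benign one.
SAMPLES = [
    "https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth?"
    "response_type=code&client_id=myapp&state=abc%27%20OR%201%3D1--",
    "https://keycloak-alg:8443/realms/myapp/../../admin/realms/master",
    "https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth?"
    "response_type=code&client_id=myapp&state=xyz123",
]
if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", filter_request(url))
```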