A SQL injection is a security exploit in which an attacker supplies Structured Query Language (SQL) statements directly to a Web application, typically as a request for action via a Web form, to gain access to the back-end database and/or application data. This can cause unintended and malicious behavior by the targeted application. This type of attack typically succeeds because the Web application does not validate user input, which allows users to supply SQL code in HTML forms, for example, instead of normal text strings.
The F5 BIG-IP® Application Security Manager application firewall sanitizes and validates user input to the application, screening for known attack patterns and allowing only known data strings and formats to make it back to the application. By permitting only valid and authorized application transactions, BIG-IP Application Security Manager keeps malicious code from accessing the application servers, removing the burden of security and input validation from the application business logic.