Issued: November 29, 2023 (All Times Eastern/U.S.)
What’s changing?
Starting January 31, 2024, Contrast will begin the process of deprecating four outdated SQL injection rules for .NET agents. This update aims to align .NET support with our other agents. The affected rules are:
- SQL Injection - Chained Queries
- SQL Injection - Dangerous Function
- SQL Injection - Suspicious Unions
- SQL Injection - Tautologies
Implementation Details:
- Immediate Action Recommended: We advise customers to proactively turn off these four rules as soon as possible.
- Beginning as early as January 1, 2024: Contrast will stop storing and processing Probe reports for these 4 rules.
- .NET Agent Update: In our upcoming release in February of next year, these rules will be completely removed from the .NET agent.
- SaaS Team Server Adjustments: These rules will be deactivated and removed from SaaS Team Server instances, targeting completion by January 31, 2024.
- EOP Version Update: The rules will be deactivated and removed from EOP starting with version 3.11.0 on February 21, 2024.
Why This Change?
Based on consistent customer feedback, these rules have been deemed unnecessary. They were previously deprecated from our Java agent to minimize irrelevant data in attack event records. Applying the same changes to the .NET agent will significantly diminish data noise for .NET users of Protect, enhancing database performance for our SaaS customers.
Impact On Your Operations:
This modification is expected to streamline your experience with the Attack Events grid by eliminating redundant data. We recommend:
- Deactivating these four rules in all your .NET applications immediately.
-
Upgrading to the new .NET agent version upon its release to ensure compatibility and optimal performance.
Technical Support:
Our engineering team will manage updates to the TeamServer UI, requiring no action from your side.
For any inquiries, clarifications, or further discussions, feel free to contact us at support@contrastsecurity.com