Protection against JavaScript code injection
Server-side JavaScript injection allows an adversary to perform a DoS attack and execute remote code. PT AF can protect web applications from JavaScript code injection. The Server-side JavaScript injection (SSJI) rule is designed to detect template injection into request parameters. You can configure it in the rule card.
To protect a web application from JavaScript injection:

1. Open the Server-side JavaScript injection (SSJI) rule card.
2. Click .
   The list of the rule parameters will open.
3. To edit the list of variables to be checked for malicious code, next to Checked HTTP parts, click and, on the page that opens, select which parts of an HTTP request must be checked by the rule, then click Save changes.
   You can select several values for each setting.
4. To check request parts, you must configure a rule exclusion: next to Skipped HTTP request parts, click , then click Add condition, select a request part, and add the keys and values to the corresponding boxes, then click Save changes.

Protection against JavaScript injection is now configured.

PT AF assigns the Low severity and the RCE tag to attacks detected by the Server-side JavaScript injection (SSJI) rule. The attack classification IDs are OWASP 2017-A1 and CAPEC-242.