Protection

OWASP A1

INSECURE METHOD PARAMETER

This type of risk is a business-specific injection. A method accepts untrusted input and then performs an operation that is itself vulnerable to injection, for example a query against a custom storage system that has its own query language, or a call to a different backend that assumes its inputs are trusted. With this analyzer such a method can be marked as vulnerable, so that any untrusted data reaching it is detected and the application protected. The developer uses a custom mark to identify the methods to be monitored.
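
The following is an added example (not the product's own code) of the idea behind such an analyzer: data is marked as untrusted where it enters, a decorator plays the role of the "custom mark" on a sink method, and only explicit validation clears the mark. The `Tainted` class, `injection_sink` decorator, the `key=NAME` query syntax and the `STORE` contents are all hypothetical and constructed for the demo.

```python
import re
from functools import wraps

class UntrustedInputError(ValueError):
    """Raised when untrusted data reaches a method marked as an injection sink."""

class Tainted(str):
    """A string that came from an untrusted source (request parameter, header, body).
    Concatenation keeps the mark, so taint survives ordinary string building."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

def from_request(value):
    # Entry point: everything read off the wire is marked before the application sees it.
    return Tainted(value)

def injection_sink(func):
    # The "custom mark": any Tainted argument reaching the decorated method is blocked.
    @wraps(func)
    def guard(*args, **kwargs):
        for arg in (*args, *kwargs.values()):
            if isinstance(arg, Tainted):
                raise UntrustedInputError(
                    f"untrusted value {str(arg)!r} reached {func.__name__}")
        return func(*args, **kwargs)
    return guard

def validate_key(value):
    # Hypothetical validator for the custom store's key syntax. Returning a plain
    # str (not Tainted) is what clears the mark, and only after the check passed.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,32}", value):
        raise UntrustedInputError(f"invalid key {str(value)!r}")
    return str(value)

STORE = {"alice": "user", "root": "admin"}   # constructed backend with its own query syntax

@injection_sink
def custom_store_query(expression):
    # Stand-in for a backend whose query language is "key=NAME" and which trusts its input.
    key = expression.split("=", 1)[1]
    return STORE.get(key)

def lookup_role(raw_name, validate):
    name = from_request(raw_name)
    if validate:
        name = validate_key(name)
    return custom_store_query("key=" + name)

def try_lookup(raw_name, validate):
    try:
        return lookup_role(raw_name, validate)
    except UntrustedInputError as exc:
        return f"blocked: {exc}"
```

Note that a real taint engine also propagates the mark through formatting, slicing and library calls; this toy only follows concatenation, which is enough to show why validation must happen before the sink rather than inside it.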

SQL INJECTION

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.

A successful SQL injection exploit can read sensitive data from the database, modify data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. In a SQL injection attack, SQL commands are injected into data-plane input in order to execute attacker-chosen SQL commands.
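
As an added illustration (not code from the page), the vulnerable and the parameterised form of the same lookup against a constructed in-memory SQLite table, with the classic `' OR '1'='1` input showing how string concatenation lets the client change the query's structure:

```python
import sqlite3

def build_db():
    # Constructed sample data standing in for an application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("root", 1)])
    return conn

def find_user_vulnerable(conn, name):
    # Untrusted input is concatenated into the statement text, so the client
    # controls SQL syntax, not just a value.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Parameterised query: the value travels separately from the statement, so
    # quotes or keywords inside it can never alter the query's meaning.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

# Constructed attacker input: closes the string literal and appends an always-true clause.
PAYLOAD = "x' OR '1'='1"
```

Parameters cover values only; table or column names and ORDER BY directions cannot be bound and must be chosen from a fixed allow list instead.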

OWASP A2

BROKEN AUTHENTICATION AND SESSION MANAGEMENT

These types of weaknesses can allow an attacker to either capture or bypass the authentication methods used by a web application.

BRUTE FORCE LOGIN

In a brute-force attack, an attacker systematically tries candidate passwords (or candidate keys, which are typically derived from a password) until one is accepted.

OWASP A3

XSS

Cross-site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
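
Added example (not from the page): the same untrusted value rendered without encoding, then encoded for the three contexts that need different treatment, HTML text, a quoted attribute, and data embedded in a script block. The render functions are hypothetical helpers written for this illustration.

```python
import html
import json

def render_vulnerable(name):
    # Untrusted data written straight into HTML: the browser treats it as markup.
    return f"<p>Hello {name}</p>"

def render_html_text(name):
    # Element-content context: escape <, >, &, and quotes.
    return f"<p>Hello {html.escape(name)}</p>"

def render_attribute(value):
    # Attribute context: escape quotes AND always quote the attribute; an unquoted
    # attribute can be broken out of with a single space.
    return f'<input value="{html.escape(value, quote=True)}">'

def render_script_data(obj):
    # Data handed to a <script> block: JSON-encode, then escape <, > and & as \uXXXX
    # so a "</script>" inside a value cannot close the block. json.dumps already turns
    # the U+2028/U+2029 line terminators into \u escapes (ensure_ascii=True).
    encoded = (json.dumps(obj)
               .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))
    return f"<script>var data = {encoded};</script>"
```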

OWASP A4

INSECURE DIRECT OBJECT REFERENCES

Parameter tampering is a form of web-based attack in which certain parameters in the Uniform Resource Locator (URL), or form-field data entered by a user on a web page, are changed without that user's authorization. When the tampered parameter is a direct reference to an internal object (a database key, a file name, an account number) and the application does not check that the caller is authorized for that object, the attacker can read or modify other users' data simply by changing the identifier.
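
Added example (not from the page) of an object lookup that trusts the client-supplied id beside one that authorises the object, plus the indirect-reference alternative in which the client only ever sees opaque per-session tokens. `INVOICES`, the user names and the helper functions are constructed for this illustration.

```python
import secrets

# Constructed data: two customers' invoices keyed by their database id.
INVOICES = {101: {"owner": "alice", "total": 40}, 102: {"owner": "bob", "total": 99}}

def get_invoice_vulnerable(current_user, invoice_id):
    # Trusts the identifier exactly as the client sent it; any logged-in user can
    # read any invoice by changing ?id=101 to ?id=102.
    return INVOICES[invoice_id]

def get_invoice_safe(current_user, invoice_id):
    inv = INVOICES.get(invoice_id)
    # Authorise the object, not just the request. Treat "not yours" like "does not
    # exist" so an attacker cannot tell valid ids from invalid ones by the response.
    if inv is None or inv["owner"] != current_user:
        return None
    return inv

def fetch_invoice(current_user, invoice_id):
    inv = get_invoice_safe(current_user, invoice_id)
    return (404, None) if inv is None else (200, inv)

def make_reference_map(current_user):
    # Indirect references: hand the client opaque per-session tokens and translate
    # them back server-side, so real keys never appear in URLs or forms.
    return {secrets.token_urlsafe(12): iid
            for iid, inv in INVOICES.items() if inv["owner"] == current_user}

def fetch_by_reference(current_user, ref_map, token):
    invoice_id = ref_map.get(token)
    return (404, None) if invoice_id is None else fetch_invoice(current_user, invoice_id)
```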

OWASP A5

SECURITY MISCONFIGURATION

An attacker may access default accounts, unused pages, unpatched flaws, unprotected files and directories, etc. to gain knowledge or unauthorized access to the system.

STACKTRACE LEAK

The application server's configuration allows stack traces to be returned to users, potentially exposing underlying flaws. Attackers can use the extra information in such error messages (class names, file paths, framework and library versions) to learn how the application is built and to target further attacks.
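
Added example (not from the page) of the application-side counterpart to a "no stack traces" server setting: a catch-all handler that logs the full trace under a random incident id and returns only that id to the client. The handler and response shape are hypothetical; the stdlib calls are real.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")

def safe_error_response(exc, debug=False):
    """Turn an unhandled exception into a client-safe response.

    The full stack trace is written to the server log under a random incident id;
    the client receives only that id, so support staff can still correlate reports
    without the trace itself (class names, file paths, library versions) leaking.
    """
    incident = uuid.uuid4().hex
    trace = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("incident %s\n%s", incident, trace)
    if debug:
        # Verbose mode for developers' machines only; never enable it in production.
        return 500, {"error": str(exc), "trace": trace, "incident": incident}
    return 500, {"error": "Internal server error", "incident": incident}

def handle(request_handler, debug=False):
    # Catch-all wrapper standing in for a framework's error handler / error-page config.
    try:
        return 200, request_handler()
    except Exception as exc:  # a catch-all is the point here
        return safe_error_response(exc, debug)

def failing_handler():
    # Constructed bug: this KeyError would otherwise reach the client as a stack trace.
    return {}["missing key"]
```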

OWASP A6

SENSITIVE DATA EXPOSURE

These types of vulnerabilities allow attackers to obtain sensitive data such as credit card details, health/personal information or usernames and passwords.

OWASP A7

FUNCTION LEVEL ACCESS CONTROL

This protection feature prevents OWASP A7 from being exploited. A7 risks result from insufficient protection of sensitive request handlers within an application. Two questions expose them:

  • Can a user directly browse to a resource?
  • Does the UI expose an unauthorized resource?
The impact can be anything from seemingly useless information to a full system takeover.
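
Added example (not from the page) of answering the first question in code: a role check enforced in the handler itself, so typing the admin URL directly gets the same refusal as clicking a hidden link. The `ROLES` table, the routes and the `require_role` decorator are hypothetical.

```python
from functools import wraps

class Forbidden(Exception):
    pass

# Constructed user -> roles mapping; a real app reads this from the session or IdP.
ROLES = {"alice": {"user"}, "carol": {"user", "admin"}}

def require_role(role):
    """Enforce authorisation in the request handler itself, deny by default.
    Hiding the admin link in the UI is not a control: anyone can type the URL."""
    def decorator(handler):
        @wraps(handler)
        def guarded(user, *args, **kwargs):
            if role not in ROLES.get(user, set()):
                raise Forbidden(f"{user!r} lacks role {role!r} for {handler.__name__}")
            return handler(user, *args, **kwargs)
        return guarded
    return decorator

@require_role("admin")
def delete_user(user, target):
    return f"deleted {target}"

def profile(user):
    return f"profile of {user}"

ROUTES = {"/admin/deleteUser": delete_user, "/profile": profile}

def dispatch(path, user, *args):
    # Stand-in for the framework router: the check runs no matter how the URL was reached.
    handler = ROUTES.get(path)
    if handler is None:
        return 404, None
    try:
        return 200, handler(user, *args)
    except Forbidden as exc:
        return 403, str(exc)
```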

PATH TRAVERSAL

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with a “dot-dot-slash (../)” sequence and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. It should be noted that access to files is limited by the system’s operational access control, such as in the case of locked or in-use files on the Microsoft Windows operating system.
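
Added example (not from the page) of the check that defeats `../` sequences, absolute paths and symlinks at once: resolve the candidate path and verify the result is still under the document root. The root directory is hypothetical; the function runs on any path, existing or not.

```python
import os

class PathTraversal(ValueError):
    """Raised when a client-supplied path would resolve outside the document root."""

def resolve_under_root(root, user_path):
    """Resolve user_path relative to root and refuse anything that escapes it.

    Catches '../' sequences, absolute paths, and symlinks (realpath follows them).
    os.path.join silently discards root when user_path is absolute, which is why
    the check is made on the resolved result rather than on the raw input.
    """
    if "\x00" in user_path:
        raise PathTraversal("embedded NUL byte")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, user_path))
    # commonpath, not startswith: "/srv/app/public2" starts with "/srv/app/public"
    # yet lies outside it. ValueError covers paths on different drives on Windows.
    try:
        inside = os.path.commonpath([real_root, candidate]) == real_root
    except ValueError:
        inside = False
    if not inside:
        raise PathTraversal(user_path)
    return candidate

def is_safe_path(root, user_path):
    try:
        resolve_under_root(root, user_path)
        return True
    except PathTraversal:
        return False
```

Run the check on the fully decoded value: percent-encoded (`..%2f`) and double-encoded (`..%252f`) variants must be decoded by the server or framework before this function sees them, otherwise the encoded form passes and the file system layer decodes it later.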

OWASP A7 - 2017

MALICIOUS BINARY

This rule prevents any binary file detected as infected from being uploaded to the server by blocking its transfer.

MALICIOUS BOTS

This rule helps to block BOTs that are reputed to be malicious.

MALICIOUS IP

Malicious IPs are IPs that are reputed to be a source of attacks. This analyzer obtains malicious IPs from external sources and, in addition, detects attack patterns itself and adds the originating IPs to a rejected-IP list. Any IP present on those lists is banned and the application is protected against the attacker.
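
Added example (not the product's implementation) of the two list sources described above, a reputation feed of addresses and CIDR ranges plus locally observed attackers, together with the one check practitioners most often get wrong: which address to look up when a proxy is in front of the application. The feed entries are constructed documentation addresses.

```python
import ipaddress

# Constructed reputation feed: single addresses and CIDR ranges, IPv4 and IPv6.
FEED = ["203.0.113.7", "198.51.100.0/24", "2001:db8:bad::/48"]

class IPBlocklist:
    def __init__(self, feed=()):
        # strict=False accepts feed entries like 198.51.100.9/24 with host bits set.
        self.networks = [ipaddress.ip_network(entry, strict=False) for entry in feed]
        self.observed = {}   # ip -> number of attack patterns seen from it

    def ban(self, ip):
        self.networks.append(ipaddress.ip_network(ip))

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        # Containment across IP versions is simply False, so mixed lists are safe.
        return any(addr in net for net in self.networks)

    def observe_attack(self, ip, threshold=3):
        # Local detection feeding the list: repeated attack patterns from one
        # source get it banned even if no external feed knows about it yet.
        self.observed[ip] = self.observed.get(ip, 0) + 1
        if self.observed[ip] >= threshold and not self.is_blocked(ip):
            self.ban(ip)

def client_ip(remote_addr, x_forwarded_for=None, trusted_proxy=False):
    """Pick the address to check. X-Forwarded-For is attacker-controlled unless the
    direct peer is a proxy you operate; even then only trust the entry your own
    proxy appended (the last one, for a single trusted hop)."""
    if trusted_proxy and x_forwarded_for:
        return x_forwarded_for.split(",")[-1].strip()
    return remote_addr
```

The linear scan is fine for a demo; a production list of tens of thousands of prefixes belongs in a radix tree or the firewall's ipset.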

REQUEST DOS

A Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed for. There are many ways to make a service unavailable to legitimate users: by manipulating network packets, or by exploiting programming or resource-handling vulnerabilities, among others. If a service receives a very large number of requests, it may cease to be available to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or because of the way the service handles the resources it uses.

This analyzer allows DoS rules to be configured in order to detect such traffic and, if desired, block the attacker.
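
Added example (not the product's rule engine) serving both the BRUTE FORCE LOGIN entry under A2 and the request-flood case described here: one sliding-window counter, keyed by account for login failures and by client IP for request volume. The thresholds, the `USERS` store and the plaintext password comparison are constructed for the demo; a real system compares password hashes through its hasher.

```python
import hmac
import time
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Counts events per key inside the last `window` seconds.
    Used below per account for login failures and per client IP for raw request volume."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def _prune(self, q, now):
        while q and now - q[0] > self.window:
            q.popleft()

    def record(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.events[key]
        q.append(now)
        self._prune(q, now)
        return len(q)

    def is_blocked(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.events[key]
        self._prune(q, now)
        return len(q) >= self.limit

# Constructed user store; a real one holds password hashes and compares via the hasher.
PASSWORD = "correct horse battery staple"
USERS = {"alice": PASSWORD}

login_limiter = SlidingWindowLimiter(limit=5, window=300)     # 5 failures per account / 5 min
request_limiter = SlidingWindowLimiter(limit=100, window=10)  # 100 requests per IP / 10 s

def login(username, password, now=None):
    key = username.lower()
    # Keyed on the account, so an attacker rotating source IPs still hits the lockout.
    if login_limiter.is_blocked(key, now):
        return "locked"
    if hmac.compare_digest(USERS.get(key, "").encode(), password.encode()):
        return "ok"
    login_limiter.record(key, now)   # only failures count toward the lockout
    return "denied"

def handle_request(client_ip, now=None):
    # Per-IP flood control: over the limit means 429 instead of doing the work.
    return 429 if request_limiter.record(client_ip, now) > request_limiter.limit else 200

def simulate():
    # Five wrong guesses, the right password while locked, then again once the window
    # has passed; and one client sending 101 requests within the same second.
    logins = [login("alice", "wrong", now=t) for t in range(5)]
    logins.append(login("alice", PASSWORD, now=5))
    logins.append(login("alice", PASSWORD, now=400))
    flood = [handle_request("203.0.113.5", now=0.0) for _ in range(101)]
    return logins, flood
```

The account-keyed lockout stops password guessing against one user but not "password spraying" (one password tried against many accounts); that needs a second counter keyed by source or by the password attempt itself, which the same class provides.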

OWASP A8

CSRF

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, not data theft, since the attacker has no way of seeing the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so on. If the victim is an administrative account, CSRF can compromise the entire web application.
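
Added example (not from the page) of the synchroniser-token defence: an HMAC token bound to the session and a timestamp, verified in constant time before the state-changing handler runs. The transfer handler, the form layout and the in-memory `SECRET_KEY` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # hypothetical server-side key; persist it per deployment

def issue_token(session_id, now=None):
    """Mint a token bound to this session and timestamp.
    Binding to the session means a token the attacker obtained for their own
    session is useless when planted in a request the victim's browser sends."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET_KEY, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"

def verify_token(session_id, token, max_age=3600, now=None):
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except (ValueError, AttributeError):
        return False
    current = time.time() if now is None else now
    if current - issued > max_age:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)   # constant-time comparison

def handle_transfer(session_id, form):
    # A forged cross-site POST carries the victim's cookies automatically, but not
    # the token, because the attacker's page cannot read it from the victim's session.
    if not verify_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a worthwhile second layer, but not a replacement: the token still protects browsers and subdomain setups where the cookie attribute is not honoured.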

OWASP A9

DEPENDENCY

Some vulnerable components (e.g., framework libraries) can be identified and exploited with automated tools, expanding the threat agent pool beyond targeted attackers to include chaotic actors.

OWASP A10

UNVALIDATED REDIRECT FORWARDS

The application uses untrusted input to build a redirect or forward URL, so an attacker can send users to a destination of the attacker's choosing.
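
Added example (not from the page) of validating a redirect target against an allow list, including the bypasses a plain `startswith("/")` check misses: protocol-relative `//host`, backslash variants, credentials-in-URL tricks and non-http schemes. `ALLOWED_HOSTS` is hypothetical.

```python
from urllib.parse import urlparse

ALLOWED_HOSTS = {"app.example.com"}   # hypothetical: hosts this application may send users to

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site relative path or an http(s) URL on an allow-listed host."""
    if not target:
        return False
    # Browsers treat backslashes as slashes, so "/\evil.example" would become "//evil.example".
    t = target.strip().replace("\\", "/")
    p = urlparse(t)
    if p.scheme or p.netloc:
        # Absolute or protocol-relative URL. Compare the parsed hostname, not the raw
        # netloc, so "https://app.example.com@evil.example/" and explicit ports are caught.
        return p.scheme in ("http", "https") and p.hostname in allowed_hosts
    # Relative path: a single leading slash. "//host" is protocol-relative and leaves the site.
    return t.startswith("/") and not t.startswith("//")

def safe_redirect(target, fallback="/"):
    # Use the untrusted value only when it passes; otherwise fall back to a fixed page.
    return target if is_safe_redirect(target) else fallback
```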

Other

UNTRUSTED DESERIALIZATION

Data which is untrusted also cannot be trusted to be well formed. Malformed or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code when deserialized.
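
Added example (not from the page) of the "execute arbitrary code when deserialized" case with Python's pickle: a constructed payload whose `__reduce__` makes the default loader call a function, a restricted unpickler that refuses every global not on an allow list, and the JSON-plus-schema alternative that avoids the problem entirely. The payload calls `platform.node()` because it is harmless; a real gadget would name something like `os.system`.

```python
import io
import json
import pickle
import platform

HOSTNAME = platform.node()   # used only to show what the unsafe loader ends up calling

# Globals the application genuinely needs to rebuild from pickles. Everything else,
# including every callable a gadget chain could name, is refused.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    # Pattern from the stdlib pickle documentation: find_class is the hook through
    # which a pickle resolves callables, so an allow list here blocks __reduce__ gadgets.
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def unsafe_loads(data):
    # What NOT to do with untrusted bytes: the default loader calls whatever the pickle names.
    return pickle.loads(data)

class Gadget:
    # Constructed payload: on load, call platform.node() instead of building an object.
    def __reduce__(self):
        return (platform.node, ())

MALICIOUS = pickle.dumps(Gadget())
BENIGN = pickle.dumps({"user": "alice", "roles": ["reader"]})

def loads_or_error(data):
    try:
        return restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"

# Preferred where possible: a data-only format and an explicit schema check.
def is_valid_profile(raw):
    try:
        obj = json.loads(raw)
    except ValueError:
        return False
    return (isinstance(obj, dict) and set(obj) == {"user", "roles"}
            and isinstance(obj["user"], str) and isinstance(obj["roles"], list)
            and all(isinstance(r, str) for r in obj["roles"]))
```

The allow list also has to be reviewed for "safe-looking" classes with side effects in `__setstate__`; the robust position is to never accept pickle from an untrusted party at all and reserve it for data you signed yourself.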
