Web Application and API Protection employs a positive security model to protect against attacks exploiting any one of the 15 classes of application vulnerabilities. Without complete, 15-out-of-15-protection, applications are exposed to unnecessary risks.
A common type of input validation attack that overflows a buffer with excessive data. Successfully executed, the hacker can run a remote shell on the machine and gain the same system privileges granted to the application being attacked.
An input validation attack that illegally modifies data that is passed to a server-side script. Without proper validation of query parameters passed to CGI scripts, a hacker can gain unauthorized system privileges allowing him to modify files, run commands and execute other operations.
Modifying the contents of a hidden field in an attempt to trick the application into accepting invalid data.
Access of unauthorized and unadvertised URLs to gain access to the root directory of a Web server, or other areas that should be off limits.
Reverse engineering weak cookies to steal a user’s session or impersonate a legitimate user of an application.
Circumventing an application’s access control system by requesting resources for which the user should not have access.
Attacking the trust relationship between a user and a Web application. Tricking the user or the user’s browser into sending an attacker confidential information that can be used to steal that user’s identity.
Inserting system commands in program variables such as form fields, that get inadvertently executed on the server.
An input validation attack that sends SQL commands to Web applications, which are then passed to a back-end database. Successfully executed, the hacker can gain access to a sensitive information store.
Feeding malformed, illegitimate data to an application with the goal of generating errors and gaining sensitive information about the application environment.
Exploiting an application’s use of a weak cryptographic algorithm in digitally signing cookies.
Exploiting server misconfigurations, including the failure to fully lock down or harden the Web server, disable default accounts and services, or remove unnecessary functionality.
Exploiting application back doors or debug code on production systems. Web site defacement – Malicious modification of Web pages.
Exploiting unpatched vulnerabilities of Web servers or operating systems to gain unauthorized access to an application.
A vulnerability that is exploited before it is announced publicly and before vendor-developed patches, signatures or other fixes are available.
Customers who trust us: