Defenses against 15 classes of application vulnerabilities

The Web Application Firewall employs a positive security model to protect against attacks exploiting any one of the 15 classes of application vulnerabilities. Without complete, 15-out-of-15-protection, applications are exposed to unnecessary risks.

 

Buffer overflow exploits

A common type of input validation attack that overflows a buffer with excessive data. Successfully executed, the hacker can run a remote shell on the machine and gain the same system privileges granted to the application being attacked.


CGI-BIN parameter manipulation

An input validation attack that illegally modifies data that is passed to a server-side script. Without proper validation of query parameters passed to CGI scripts, a hacker can gain unauthorized system privileges allowing him to modify files, run commands and execute other operations.


Form/hidden field manipulation

Modifying the contents of a hidden field in an attempt to trick the application into accepting invalid data.


Forceful browsing

Access of unauthorized and unadvertised URLs to gain access to the root directory of a Web server, or other areas that should be off limits.


Cookie/session poisoning

Reverse engineering weak cookies to steal a user’s session or impersonate a legitimate user of an application.


Broken ACLs/weak passwords

Circumventing an application’s access control system by requesting resources for which the user should not have access.


Cross-site scripting (XSS)

Attacking the trust relationship between a user and a Web application. Tricking the user or the user’s browser into sending an attacker confidential information that can be used to steal that user’s identity.


Command injection

Inserting system commands in program variables such as form fields, that get inadvertently executed on the server.


SQL injection

An input validation attack that sends SQL commands to Web applications, which are then passed to a back-end database. Successfully executed, the hacker can gain access to a sensitive information store.


Error triggering sensitive information leaks

Feeding malformed, illegitimate data to an application with the goal of generating errors and gaining sensitive information about the application environment.


Insecure use of crypto

Exploiting an application’s use of a weak cryptographic algorithm in digitally signing cookies.


Server misconfiguration

Exploiting server misconfigurations, including the failure to fully lock down or harden the Web server, disable default accounts and services, or remove unnecessary functionality.


Back doors and debug options

Exploiting application back doors or debug code on production systems. Web site defacement – Malicious modification of Web pages.


Well-known platform vulnerabilities

Exploiting unpatched vulnerabilities of Web servers or operating systems to gain unauthorized access to an application.


Zero-day exploits

A vulnerability that is exploited before it is announced publicly and before vendor-developed patches, signatures or other fixes are available.

Web Application Exploit Protection is a component of our WAF

Learn more about this service, our cloud platform, intuitive web-based management interface, pricing, 24x7 support and more by visiting our Web Application Firewall overview page.

Customers who trust us:

Web Application Exploit Protection is a component of our WAF
Web Application Exploit Protection is a component of our WAF
Web Application Exploit Protection is a component of our WAF
Web Application Exploit Protection is a component of our WAF
Web Application Exploit Protection is a component of our WAF
Web Application Exploit Protection is a component of our WAF

Stop the next attack now!

Try It Free

Have a question? Contact us