Defenses against 15 classes of application vulnerabilities
The Web Application Firewall employs a positive security model: it describes the requests the application legitimately accepts (URLs, parameter names, field lengths, character sets, cookie formats) and blocks anything outside that description, rather than relying only on signatures of known attacks. This protects against attacks exploiting any one of the 15 classes of application vulnerabilities. Without complete, 15-out-of-15 protection, applications are exposed to unnecessary risk.
- Buffer overflow exploits – Supplying more input than a fixed-size buffer can hold so that the excess overwrites adjacent memory. Successfully executed, the attacker can run a remote shell on the machine with the same system privileges granted to the application being attacked.
- CGI-BIN parameter manipulation – Altering the query-string or form parameters passed to a server-side script. Without proper validation of those parameters, an attacker can gain unauthorized system privileges allowing him to modify files, run commands and execute other operations.
- Form/hidden field manipulation – Editing the value of a hidden form field (for example a price or an account identifier) before it is submitted, on the assumption that the application trusts whatever the browser sends back.
- Forceful browsing – Requesting unlinked or unadvertised URLs (administrative pages, backup files, directory listings) to reach parts of the Web server that should be off limits.
- Cookie/session poisoning – Tampering with or predicting weakly constructed cookies to hijack a user's session or impersonate a legitimate user of the application.
- Broken ACLs/weak passwords – Circumventing an application's access control by requesting resources the user should not be able to reach, or by guessing passwords that are easily broken.
- Cross-site scripting (XSS) – Injecting script into a page the application serves to other users. The victim's browser runs the script with the application's trust, so it can send session cookies or other confidential information to the attacker, who uses them to take over that user's identity.
- Command injection – Inserting operating-system commands into program variables such as form fields so that the server inadvertently executes them.
- SQL injection – Sending SQL fragments in request parameters that the application concatenates into queries passed to a back-end database. Successfully executed, the attacker can read or modify the sensitive information store.
- Error triggering sensitive information leaks – Feeding malformed, illegitimate data to an application to provoke error messages that reveal stack traces, file paths, software versions or other details of the application environment.
- Insecure use of crypto – Exploiting an application's use of a weak cryptographic algorithm for digitally signing cookies, so that a tampered cookie can be given a valid-looking signature.
- Server misconfiguration – Exploiting server misconfigurations, including the failure to fully lock down or harden the Web server, disable default accounts and services, or remove unnecessary functionality.
- Back doors and debug options – Exploiting application back doors or debug code on production systems.
- Web site defacement – Malicious modification of Web pages.
- Well-known platform vulnerabilities – Exploiting unpatched vulnerabilities of Web servers or operating systems to gain unauthorized access to an application.
- Zero-day exploits – A vulnerability that is exploited before it is announced publicly and before vendor-developed patches, signatures or other fixes are available.
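What a positive security model actually does, as an added illustration (this is example code, not the product's own engine): a per-URL profile lists the parameters each request may carry, with a length cap, an allowed character pattern, and for hidden fields the value the server itself issued. Anything outside the profile is rejected, which stops the SQL injection, command injection, cross-site scripting, hidden-field manipulation, oversized-input and forceful-browsing cases above without a signature for any of them. The `/search`, `/item` and `/checkout` URLs, the rules and the issued prices are constructed sample data.

```python
"""Minimal positive-security-model request filter (added example, not product code).

A positive model enumerates what a legitimate request to each URL may contain
and rejects everything else, instead of matching requests against signatures
of known attacks.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ParamRule:
    pattern: str        # regex that must full-match every acceptable value
    max_len: int        # hard cap; oversized input is rejected before any regex work
    required: bool = True


# Hypothetical profile for a small shop application. In practice the profile is
# learned from legitimate traffic or written by the application owner.
PROFILE: Dict[Tuple[str, str], Dict[str, ParamRule]] = {
    ("GET", "/search"): {
        "q": ParamRule(r"[A-Za-z0-9 ]{1,64}", 64),
    },
    ("GET", "/item"): {
        "id": ParamRule(r"[0-9]{1,9}", 9),
    },
    ("POST", "/checkout"): {
        "item": ParamRule(r"[0-9]{1,9}", 9),
        "qty": ParamRule(r"[1-9][0-9]{0,2}", 3),
        # 'price' is a hidden field; besides the format check, its value must
        # equal what the server issued for that item (checked in check_request).
        "price": ParamRule(r"[0-9]{1,6}\.[0-9]{2}", 9),
    },
}

# Server-side record of hidden-field values the application emitted for the
# current session (constructed sample data), keyed by item id.
ISSUED_PRICES = {"1001": "19.99", "1002": "249.00"}


def check_request(method: str, path: str, params: Dict[str, str]) -> Optional[str]:
    """Return None if the request conforms to the profile, else the reason it was blocked."""
    rules = PROFILE.get((method, path))
    if rules is None:
        return "unknown URL"                         # forceful browsing: URL not in the allow-list
    for name in params:
        if name not in rules:
            return f"unexpected parameter {name!r}"  # parameters the application never defined
    for name, rule in rules.items():
        value = params.get(name)
        if value is None:
            if rule.required:
                return f"missing parameter {name!r}"
            continue
        if len(value) > rule.max_len:
            return f"parameter {name!r} too long"    # oversized input (buffer overflow attempts)
        if not re.fullmatch(rule.pattern, value):
            return f"parameter {name!r} has invalid characters"  # quotes, ';', '<', ... never pass
    if (method, path) == ("POST", "/checkout"):
        # Hidden-field manipulation: the client may only echo the server-issued price.
        expected = ISSUED_PRICES.get(params["item"])
        if expected is None or params["price"] != expected:
            return "hidden field 'price' does not match server-issued value"
    return None


if __name__ == "__main__":
    samples = [
        ("GET", "/search", {"q": "blue shoes"}),
        ("GET", "/item", {"id": "1 OR 1=1"}),
        ("GET", "/item", {"id": "1; cat /etc/passwd"}),
        ("GET", "/search", {"q": "<script>alert(1)</script>"}),
        ("GET", "/admin/", {}),
        ("POST", "/checkout", {"item": "1002", "qty": "1", "price": "1.00"}),
    ]
    for method, path, params in samples:
        print(method, path, params, "->", check_request(method, path, params) or "allowed")
```

Note that the filter never needs to know what SQL, shell metacharacters or script tags look like: the rule for `id` admits only digits, so every injection payload fails the same check. The cost of the model is the profile itself, which must be kept in step with application changes or legitimate requests start being blocked.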
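The cookie/session poisoning and insecure-use-of-crypto entries above describe the same weakness from two sides, so one added example (not the product's or any named application's code) covers both: a cookie "signed" with an unkeyed hash, which anyone can recompute after editing the body, beside a cookie authenticated with HMAC-SHA256 under a server-side key and verified with a constant-time comparison. The payload fields, the `SECRET` value and the helper names are constructed for the illustration.

```python
"""Weak versus keyed cookie signing (added example, not product code)."""
import base64
import hashlib
import hmac
import json
from typing import Optional


def _encode(payload: dict) -> str:
    # Canonical, URL-safe body so the signature covers exactly one byte sequence.
    return base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()


def _decode(body: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(body))


# --- Weak scheme: the tag is an unkeyed hash of the body. ---------------------
# Nothing secret enters the computation, so the "signature" only detects
# accidental corruption, not deliberate tampering.
def weak_sign(payload: dict) -> str:
    body = _encode(payload)
    return body + "." + hashlib.md5(body.encode()).hexdigest()


def weak_verify(cookie: str) -> Optional[dict]:
    body, _, tag = cookie.rpartition(".")
    if hashlib.md5(body.encode()).hexdigest() != tag:
        return None
    return _decode(body)


def forge_weak(cookie: str, **changes) -> str:
    """What an attacker does to the weak scheme: decode, edit, re-sign with the public recipe."""
    payload = weak_verify(cookie)
    if payload is None:
        raise ValueError("not a valid weak cookie")
    payload.update(changes)
    return weak_sign(payload)


# --- Keyed scheme: HMAC-SHA256 under a server-side secret. --------------------
SECRET = b"constructed-example-key-rotate-in-production"  # assumption: never leaves the server


def hmac_sign(payload: dict, key: bytes = SECRET) -> str:
    body = _encode(payload)
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def hmac_verify(cookie: str, key: bytes = SECRET) -> Optional[dict]:
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    return _decode(body)


def tamper_keyed(cookie: str, **changes) -> str:
    """Attacker's best effort against the keyed scheme: edit the body, keep the old tag."""
    body, _, tag = cookie.rpartition(".")
    payload = _decode(body)
    payload.update(changes)
    return _encode(payload) + "." + tag


if __name__ == "__main__":
    session = {"user": "alice", "role": "user"}
    print("weak forged  ->", weak_verify(forge_weak(weak_sign(session), role="admin")))
    print("hmac tampered ->", hmac_verify(tamper_keyed(hmac_sign(session), role="admin")))
```

The first print shows the forged cookie being accepted with `role` elevated to `admin`; the second returns `None`. The choice of MD5 for the weak scheme is incidental: an unkeyed SHA-256 would fail in exactly the same way, because the defect is the missing key, not the hash function.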