View information about the protection categories
for the Web
Application Protection feature for the Network IPS appliance.
Client-side attacks
Client-side
attacks exploit the trust relationship between
a user and the websites they visit.
Injection attacks
Injection
attacks allow an attacker to inject code into
a program or query or inject malware onto a computer to execute remote
commands that can read or modify a database, or change data on a website.
Malicious file execution attacks
Malicious file execution
attacks allow an attacker to execute
code remotely, install a root kit remotely, compromise the entire
system, and compromise the internal system (on Windows systems) by using SMB file wrappers
for the PHP scripting language.
Information disclosure attacks
Information disclosure attacks are aimed at
acquiring system-specific
information about a website such as software distribution, version
numbers, and patch levels. The acquired information might also contain
the location of backup files or temporary files.
Path traversal attacks
Path
traversal attacks force access to files, directories,
and commands that are located outside the web document root directory
or CGI root directory.
Authentication attacks
Authentication
attacks target and attempt to exploit the
authentication process a website uses to verify the identity of a
user, service, or application.
Buffer overflow attacks
Buffer overflow attacks overflow a buffer with excessive
data. This type of attack allows an attacker to run remote shell on
the computer and gain the same system privileges that are granted
to the application that is being attacked.
Brute force attacks
Brute
force attacks use a repetitive method of trial and
error to guess a person's user name, password, credit card number,
or cryptographic key.
Directory indexing attacks
Directory indexing attacks exploit a function of the web
server that lists all the files within a requested directory if the
normal base file is not present.
Miscellaneous attacks
Miscellaneous
attacks exploit vulnerable web servers by
forcing cache servers or web browsers into disclosing user-specific
information that might be sensitive and confidential.