How Many Types of Attacks Are There in F5 ASM

The table below lists the attack types in F5 ASM, with an explanation of each.

| Attack Type | Explanation |
| --- | --- |
| Buffer overflow | Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory. |
| Directory indexing | Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present. |
| Authentication/authorization attacks | The authentication section covers attacks that target a website's method of validating the identity of a user, service, or application. The authorization section covers attacks that target a website's method of determining if a user, service, or application has the necessary permissions to perform a requested action. |
| Information leakage | Information leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system. |
| Predictable resource location | Predictable resource location is an attack technique used to uncover hidden website content and functionality. |
| Command execution | Many web applications call operating system processes via the command line. If your application calls out to the OS, you need to be sure command strings are securely constructed. |
| Vulnerability scan | A vulnerability scan is an attack technique that uses an automated security program to probe a web application for software vulnerabilities. |
| Brute force | A brute force attack is an outside attempt by hackers to access post-logon pages of a website by guessing usernames and passwords. A brute force attack can also be defined as a trial-and-error technique used by various application programs for decoding encrypted data such as DES (Data Encryption Standard) or password keys. A brute force attack proceeds through each possible set of legal characters within the sequence. |
| Denial of Service | Denial of service (DoS) is an attack technique that overwhelms system resources to prevent a website from serving normal user activity. |
| Trojan/Backdoor/Spyware | Attackers use Trojan horse, backdoor, and spyware attacks to try to circumvent a web server's or web application's built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack launches. |
| Other application attacks | This attack category represents attacks that do not fit into the more explicit attack classifications. |
| Abuse of functionality | Abuse of functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent the application's access control mechanisms. |
| Cross-site scripting (XSS) | Cross-site scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser. |
| Server-side code injection | SSI injection (server-side include) is a server-side exploit technique that allows an attacker to send code into a web application, which is then run locally by the web server. |
| SQL injection | SQL injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input. |
| Detection evasion | Detection evasion is an attack technique that attempts to disguise or hide an attack to avoid detection by an attack signature. |
| Path traversal | The path traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory. |
| LDAP injection | LDAP injection is an attack technique used to exploit websites that construct LDAP statements from user-supplied input. |
| Forceful Browsing | Forceful browsing attacks attempt to access data outside the specific access schema of the application. |
| HTTP parser attack | HTTP parser attacks attempt to execute malicious code, extract information, or enact Denial of Service by targeting the HTTP parser directly. |
| HTTP Request Smuggling | HTTP request smuggling attacks attempt to encapsulate one request within another request through a web proxy. |
| HTTP Response Splitting | HTTP response splitting attacks attempt to manipulate the server into injecting a CR/LF sequence in its response headers. |
| Injection Attempt | Injection attempt attacks exploit weaknesses in various other applications in order to inject and/or execute malicious code. |
| Malicious File Upload | Malicious file upload attacks attempt to exploit services by uploading files that may contain malicious code. |
| Non Browser Client | Non-browser client attacks use crawlers or other scripts to simulate human activity. |
| Other application activity | This attack category represents attacks that do not fit into the more explicit attack classifications. |
| Parameter tampering | Parameter tampering attacks attempt to manipulate and capture data by modifying parameters in HTTP query strings. |
| Remote file include | Remote file location attacks attempt to exploit web applications that may retrieve and execute the code included in remote files. |
| Server side code injection | Server-side code injection attempts to exploit weaknesses in applications and services to force those services to execute malicious code. |
| Session Hijacking | Session hijacking attacks attempt to hijack a valid extant user session. |
| Web Scraping | Web scraping attacks simulate human exploration of the Web to harvest site information. |
| XML Parser Attack | XML parser attacks attempt to execute malicious code or enact a Denial of Service by targeting the XML parser directly. |
| XPath Injection | XPath injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. |

 
