
How many types of attack are there in F5 ASM?

F5 ASM classifies the violations it detects into the attack types listed below. Each entry gives the attack type followed by its explanation.

Buffer overflow

Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory.

Directory indexing

Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present.

Authentication/authorization attacks

The authentication section covers attacks that target a website's method of validating the identity of a user, service, or application. The authorization section covers attacks that target a website's method of determining whether a user, service, or application has the necessary permissions to perform the requested action.

Information leakage

Information leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.

Predictable resource location

Predictable resource location is an attack technique used to uncover hidden website content and functionality.

Command execution

Many web applications call operating system processes via the command line. If an application calls out to the OS, the command strings must be securely constructed.

Vulnerability scan

A vulnerability scan is an attack technique that uses an automated security program to probe a web application for software vulnerabilities.

Brute force

A brute force attack is an outside attempt by attackers to access the post-logon pages of a website by guessing usernames and passwords.

More generally, a brute force attack is a trial-and-error technique used by application programs to decode encrypted data (for example, data encrypted with DES, the Data Encryption Standard) or password keys. The attack proceeds through every possible sequence of legal characters.

Denial of Service

Denial of service (DoS) is an attack technique that overwhelms system resources to prevent a website from serving normal user activity.

Trojan/Backdoor/Spyware

Attackers use Trojan horse, backdoor, and spyware attacks to try to circumvent a web server's or web application's built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack launches.

Other application attacks

This attack category represents attacks that do not fit into the more explicit attack classifications.

Abuse of functionality

Abuse of functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent the application's access control mechanisms.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser.

Server-side code injection

SSI injection (server-side include) is a server-side exploit technique that allows an attacker to send code into a web application, which is then run locally by the web server.

SQL injection

SQL Injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input.

Detection evasion

Detection evasion is an attack technique that attempts to disguise or hide an attack to avoid detection by an attack signature.

Path traversal

The path traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.

LDAP injection

LDAP injection is an attack technique used to exploit websites that construct LDAP statements from user-supplied input.

Forceful Browsing

Forceful Browsing attacks attempt to access data outside the specific access schema of the application.

HTTP parser attack

HTTP parser attacks attempt to execute malicious code, extract information, or enact Denial of Service by targeting the HTTP parser directly.

HTTP Request Smuggling

HTTP Request Smuggling attacks attempt to encapsulate one request within another request through a web proxy.

HTTP Response Splitting

HTTP Response Splitting attacks attempt to manipulate the server into injecting a CR/LF sequence into its response headers.

Injection Attempt

Injection Attempt attacks exploit weaknesses in various other applications in order to inject and/or execute malicious code.

Malicious File Upload

Malicious File Upload attacks attempt to exploit services by uploading files that may contain malicious code.

Non Browser Client

Non Browser Client attacks use crawlers or other scripts to simulate human activity.

Other application activity

This attack category represents attacks that do not fit into the more explicit attack classifications.

Parameter tampering

Parameter Tampering attacks attempt to manipulate and capture data by modifying parameters in HTTP query strings.

Remote file include

Remote file include attacks attempt to exploit web applications that may retrieve and execute the code included in remote files.

Server side code injection

Server side code injection attempts to exploit weaknesses in applications and services to force those services to execute malicious code.

Session Hijacking

Session hijacking attacks attempt to take over a valid, existing user session.

Web Scraping

Web scraping attacks simulate human exploration of the Web to harvest site information.

XML Parser Attack

XML parser attacks attempt to execute malicious code or enact a Denial of Service by targeting the XML parser directly.

XPath Injection

XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents.
