The most common web application vulnerabilities:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards

- Protection against the top vulnerabilities (XSS, SQLi, etc.)
- Very few false positives (i.e., it should NEVER block an authorized request)
- Strength of Default (Out of the Box) Defenses
- Power and Ease of Learn Mode
- Types of Vulnerabilities it can prevent.
- Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
- Both Positive and Negative Security model support.
- Simplified and Intuitive User Interface.
- Cluster mode support.
- High Performance (milliseconds latency).
- Complete Alerting, Forensics, Reporting capabilities.
- Web Services/XML support.
- Brute Force protection.
- Ability to run in Active (block and log), Passive (log only) or Bypass mode for web traffic.
- Ability to keep individual users constrained to exactly what they have seen in the current session
- Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
- Form Factor: Software vs. Hardware (Hardware generally preferred)
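As an added illustration (not code from the original page) of three of the criteria above, positive and negative security model support, few false positives on authorized requests, and the active/passive/bypass traffic modes, here is a toy rule engine in Python run over constructed requests. The path, parameter shapes and signatures are made up for the demo and are not a real product's rule set.

```python
import re

# Constructed positive model: an allowlist of the parameters a "learn mode"
# would have recorded for each path, with the shape each value must match.
POSITIVE_MODEL = {
    "/login": {"user": r"[A-Za-z0-9_.-]{1,32}", "pass": r".{1,128}"},
}

# Constructed negative model: signatures for known-bad input (illustrative only).
NEGATIVE_SIGNATURES = [
    re.compile(r"(?i)<\s*script\b"),        # classic XSS marker
    re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),  # classic SQLi marker
]


def inspect(path: str, params: dict) -> tuple:
    """Return (allowed, reason) for one request without enforcing anything.

    Positive model first: anything outside the learned allowlist is rejected.
    Negative model second: known-bad patterns are rejected on any path.
    """
    allowed = POSITIVE_MODEL.get(path)
    if allowed is not None:
        for name, value in params.items():
            if name not in allowed:
                return False, f"positive: unexpected parameter {name}"
            if not re.fullmatch(allowed[name], value):
                return False, f"positive: {name} does not match learned shape"
    for sig in NEGATIVE_SIGNATURES:
        for name, value in params.items():
            if sig.search(value):
                return False, f"negative: {name} matched {sig.pattern}"
    return True, "clean"


def enforce(mode: str, path: str, params: dict, log: list) -> bool:
    """Apply the verdict according to the traffic mode.

    active  -> block and log; passive -> log only, let it through;
    bypass  -> no inspection at all (emergency off switch).
    Returns True when the request is passed to the application.
    """
    if mode == "bypass":
        return True
    ok, reason = inspect(path, params)
    if not ok:
        log.append(f"{mode}:{path}:{reason}")
    return ok if mode == "active" else True
```

Running an ordinary login through `enforce("active", ...)` produces no log entry, which is the "few false positives" property the list asks for.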