How BIG-IP ASM mitigates each of the OWASP Top 10 (2017) vulnerabilities:
| OWASP ID | Vulnerability | BIG-IP ASM Controls |
| --- | --- | --- |
| A1 | Injection Flaws | Attack signatures; Meta character restrictions; Parameter value length restrictions |
| A2 | Broken Authentication and Session Management | Brute Force protection; Credentials Stuffing protection; Login Enforcement; Session tracking; HTTP cookie tampering protection; Session hijacking protection |
| A3 | Sensitive Data Exposure | Data Guard; Attack signatures (“Predictable Resource Location” and “Information Leakage”) |
| A4 | XML External Entities (XXE) | Attack signatures (“Other Application Attacks” - XXE); XML content profile (Disallow DTD) (subset of API protection) |
| A5 | Broken Access Control | File types; Allowed/disallowed URLs; Login Enforcement; Session tracking; Attack signatures (“Directory traversal”) |
| A6 | Security Misconfiguration | Attack signatures; DAST integration; Allowed Methods; HTML5 Cross-Domain Request Enforcement |
| A7 | Cross-site Scripting (XSS) | Attack signatures (“Cross Site Scripting (XSS)”); Parameter meta characters; HttpOnly cookie attribute enforcement; Parameter type definitions (such as integer) |
| A8 | Insecure Deserialization | Attack signatures (“Server Side Code Injection”) |
| A9 | Using Components with Known Vulnerabilities | Attack signatures; DAST integration |
| A10 | Insufficient Logging and Monitoring | Request/response logging; Attack alarm/block logging; On-device logging and external logging to a SIEM system; Event Correlation |
Specifically, there are attack signatures for “A4:2017-XML External Entities (XXE)”:

- 200018018 External entity injection attempt
- 200018030 XML External Entity (XXE) injection attempt (Content)
XXE attacks can also be mitigated with an XML profile by disallowing DTDs (and, of course, enabling the “Malformed XML data” violation).
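To make the two XML-profile checks concrete, the following Python snippet models what “Disallow DTD” plus the “Malformed XML data” violation do to a request body: any document that carries a DOCTYPE declaration is blocked before its entities are ever processed, and any body that is not well-formed XML is blocked as malformed. This is an added example written for this page, not BIG-IP ASM code; the function name `inspect_xml_body` and the three sample bodies are constructed for illustration.

```python
"""Model of an XML-profile check: block any body that declares a DTD
and block malformed XML. Added example, not F5 BIG-IP ASM code."""
import xml.parsers.expat as expat


class DtdNotAllowed(Exception):
    """Raised from the DOCTYPE handler so parsing stops at the declaration."""


def inspect_xml_body(body: bytes) -> str:
    """Classify an XML request body the way a 'Disallow DTD' profile would.

    Returns:
        'allow'           - well-formed XML with no DOCTYPE/DTD
        'block:dtd'       - a DOCTYPE (DTD) declaration is present
        'block:malformed' - the body is not well-formed XML
    """
    parser = expat.ParserCreate()
    # Never expand parameter entities; we reject the DTD before it matters,
    # but the parser itself should not be the weak link either.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires as soon as <!DOCTYPE ...> is seen, before any <!ENTITY ...>
        # in the internal subset is processed. Raising here halts the parse.
        raise DtdNotAllowed(name)

    parser.StartDoctypeDeclHandler = on_doctype

    try:
        parser.Parse(body, True)
    except DtdNotAllowed:
        return "block:dtd"
    except expat.ExpatError:
        # Mismatched tags, empty body, undefined entity references, etc.
        return "block:malformed"
    return "allow"


# Constructed sample bodies (not captured traffic).
CLEAN_BODY = b'<?xml version="1.0"?><order><id>42</id></order>'
# Any DTD is rejected, even one that only declares a harmless internal entity.
DTD_BODY = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE order [<!ENTITY note "hello">]>'
            b'<order><id>&note;</id></order>')
MALFORMED_BODY = b'<order><id>42</order>'


if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY),
                        ("dtd", DTD_BODY),
                        ("malformed", MALFORMED_BODY)):
        print(f"{label:10s} -> {inspect_xml_body(body)}")
```

The check deliberately does not look at what the DTD declares: the WAF control is a blanket rule, which is why it needs no signature update to cover a new entity-based payload shape, and why it must be paired with the malformed-XML violation so that bodies the parser cannot fully inspect are not let through either.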