Manual Chapter: Security Policy Violations
Security policy violations (or just violations) occur when some aspect of a request or response does not comply with the security policy for a web application. Violations occur in the following categories:
The Application Security Manager reports RFC violations when the format of an HTTP request violates the HTTP RFCs. RFC documents are the general specifications that summarize the standards used across the Internet and networking engineering community. RFCs, as they are commonly known, are published by the Internet Engineering Task Force (IETF). For more information on RFCs, see http://www.ietf.org/rfc. Table A.1 lists the RFC violations and describes the event that triggers the violation.
Access violations occur when an HTTP request tries to gain access to an area of a web application and the Security Enforcer detects a reference to one or more entities that are not defined in the security policy as part of the web application. Table A.2 lists the access violation types and describes the event that triggers the violation.
The incoming request is larger than the buffer for the Security Enforcer parser. When the system receives a request that triggers this violation, it stops validating the request for other violations.
Length violations occur when an HTTP request contains an entity that exceeds the length setting that is defined in the security policy. Table A.3 lists the types of length violations and describes the event that triggers the violation.
The incoming request contains a query string whose length exceeds the acceptable length as specified in the security policy.
Input violations occur when an HTTP request includes a parameter or header that contains data or information that does not match, or comply with, the security policy. Input violations most often occur when the security policy contains defined user-input parameters. Table A.4 lists the types of input violations and describes the event that triggers the violation.
The incoming request, alone or in combination with other requests, has the pattern of an attempt to access secured parts of the site by guessing user names and passwords.
The incoming request contains a character that does not comply with the encoding of the web application (the character set of the security policy), and the Security Enforcer cannot convert the character to the current encoding.
The incoming request includes a header whose value contains a meta character that is not allowed in the security policy. Note that if you accept the meta character that caused the violation, the Application Security Manager updates the character set for header values to allow the meta character.
The incoming request includes a parameter whose value contains a meta character that is not allowed in the security policy. Note that if you accept the meta character that caused the violation, the Application Security Manager updates the character set for parameter values to allow the meta character.
The incoming request contains either too few or too many mandatory parameters on a flow. Note that only flows can contain mandatory parameters.
The incoming request contains a parameter for which the data type does not match the data type that is defined in the security policy. This violation applies to user-input parameters, which may be defined in the security policy as either integer, alpha-numeric, decimal, phone, or email.
The incoming request contains a parameter whose value is not in the range of decimal or integer values defined in the security policy.
The incoming request contains a parameter whose value length does not match the value length that is defined in the security policy. Note that this violation is relevant only for user input parameters.
The incoming multi-part request has a parameter whose value contains a binary NULL (0x00) and whose content-type header parameter type is binary, while the parameter is defined in the security policy as user-input alpha-numeric.
Parameter value does not comply with regular expression
The incoming request contains an alphanumeric parameter value that does not match the expected pattern specified by the regular-expression field for that parameter.
XML data does not comply with schema or WSDL document
Note: The Security Enforcer cannot distinguish between dynamic parameters that have been defined incorrectly and dynamic parameters that actually contain bad values. In both cases, the system issues the Illegal parameter violation. It is up to the user to evaluate the request to determine what caused the violation.
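As an added illustration (not F5's code and not ASM's policy format), the following constructed Python policy applies the query-string length check and the user-input parameter checks described above (data type, numeric range, value length, meta characters, regular expression) to a query string and reports which violations fire. The policy contents, the type patterns, and every violation label except "Illegal parameter" and "Parameter value does not comply with regular expression" are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample policy: a per-parameter rule set plus a query-string
# length limit and the meta characters allowed in parameter values.
POLICY = {
    "max_query_string_length": 64,
    "allowed_param_metachars": set("@._-"),
    "parameters": {
        "qty":   {"type": "integer", "min": 1, "max": 99},
        "email": {"type": "email", "max_len": 40},
        "zip":   {"type": "alpha-numeric", "regex": r"^\d{5}$", "max_len": 5},
    },
}

# Assumed patterns for the data types the chapter names (phone omitted for brevity).
TYPE_PATTERNS = {
    "integer": r"^-?\d+$",
    "decimal": r"^-?\d+(\.\d+)?$",
    "email": r"^[^@\s]+@[^@\s]+\.[^@\s]+$",
    "alpha-numeric": r"^[\w @._\-]*$",
}

def check_query_string(query, policy=POLICY):
    """Return the list of violation names raised for one query string."""
    violations = []
    if len(query) > policy["max_query_string_length"]:
        violations.append("Illegal query string length")   # length violation
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in policy["parameters"]:
            violations.append("Illegal parameter")          # not defined in policy
            continue
        rule = policy["parameters"][name]
        # Meta characters: non-alphanumeric characters the policy does not allow
        bad = {c for c in value if not c.isalnum() and c not in policy["allowed_param_metachars"]}
        if bad:
            violations.append("Illegal meta character in parameter value")
        if "max_len" in rule and len(value) > rule["max_len"]:
            violations.append("Illegal parameter value length")
        if not re.match(TYPE_PATTERNS[rule["type"]], value):
            violations.append("Illegal parameter data type")
        elif rule["type"] in ("integer", "decimal"):
            num = float(value)
            if num < rule.get("min", num) or num > rule.get("max", num):
                violations.append("Illegal parameter numeric value")
        if "regex" in rule and not re.match(rule["regex"], value):
            violations.append("Parameter value does not comply with regular expression")
    return violations
```

Percent-encoded values are decoded by `parse_qsl` before the checks run, so an encoded `<` is caught the same way as a literal one.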
Cookie violations occur when the cookie values in the HTTP request do not comply with the security policy. Cookie violations may indicate malicious attempts to hijack private information. Table A.5 lists the cookie violation types and describes the event that triggers the violation.
The time stamp in the HTTP cookie is old, which indicates either that a client has been idle for too long or that an outdated cookie is being reused maliciously.
The domain cookies in the HTTP request do not match the original domain cookies or are not defined as allowed modified domain cookies in the security policy.
Negative security violations occur when an incoming request contains a string pattern that matches an attack signature in one of the security policy's attack signature sets, or when a response contains exposed user data, for example, a credit card number.
Table A.6 lists the negative security violations and describes the event that triggers the violation.