active security policy
The active security policy is the security policy whose criteria determine the legitimacy of incoming requests for the web application. A web application can have only one active security policy at a time.
application security class
The application security class is the logical bridge, or link, between the local traffic components and the application security components. You use the application security class to specify to which incoming HTTP traffic the system applies application security.
blocking mode
A security policy is in blocking mode when one or more Block flags are enabled. When a security policy is in blocking mode and a request triggers a violation, the Application Security Manager does not forward the request to the web application; instead it returns the blocking response page, with a Support ID, to the client. See also transparent mode.
buffer overflow
A buffer overflow occurs when an application writes more data into a fixed-size buffer than the buffer can hold. The excess data overwrites adjacent memory, corrupting whatever was stored there (other variables, heap metadata, or a saved return address). In a buffer overflow attack, an attacker crafts the oversized input so that the overwritten memory redirects execution to instructions of the attacker's choosing, which can then damage the user's files, change data, or disclose confidential information.
content spoofing
Content spoofing is an attack technique in which attacker-supplied content is presented to a user in a way that makes it appear to be legitimate content from the web site.
cookie
A cookie is a small piece of data that a web server sends to a web browser and that the browser returns to the same server with later requests. The browser stores cookies locally. Web applications commonly use cookies to hold session identifiers and to track a user's actions while browsing a site. See also cookie manipulation.
cookie manipulation
Cookie manipulation is the process of altering cookie values in a client's web browser in order to exploit a web application that trusts those values. For example, an attacker who changes a user or role identifier stored in a cookie can fraudulently authenticate as another user unless the server can detect that the value has been altered. See also cookie.
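The defence against cookie manipulation is to make the server able to detect any change to a value it handed out. The following Python is an added example, not code from the Application Security Manager or from the original glossary; it appends an HMAC-SHA256 tag to a cookie value and verifies the tag on the way back in. The key, the cookie layout (value, a dot, a base64url tag) and the sample cookie values are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Hypothetical server-side key (an assumption of this example): load it from a
# secrets store in practice, never hard-code it.
SECRET_KEY = b"replace-me-with-32-random-bytes"


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return value + "." + base64url(HMAC-SHA256(key, value)).

    The tag lets the server detect any change to value; the client still sees
    the value in clear, so this is integrity protection, not confidentiality.
    """
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return value + "." + base64.urlsafe_b64encode(tag).decode("ascii").rstrip("=")


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the cookie's value if its tag is valid, otherwise None.

    The tag is recomputed over the presented value and compared with
    hmac.compare_digest so that a forger learns nothing from response timing.
    """
    value, sep, _tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: an attacker-minted cookie
    if hmac.compare_digest(sign_cookie(value, key), cookie):
        return value
    return None


if __name__ == "__main__":
    issued = sign_cookie("uid=1042;role=user")           # constructed sample cookie
    print("issued  :", issued, "->", verify_cookie(issued))
    tampered = issued.replace("role=user", "role=admin")  # client edits the value
    print("tampered:", tampered, "->", verify_cookie(tampered))
    print("forged  :", verify_cookie("uid=1;role=admin")) # no tag at all
```

The tag only proves the value was issued by a holder of the key; it does not hide the value, and it does not stop a stolen cookie from being replayed, which is the session hijacking problem rather than cookie manipulation.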
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of exploit in which untrusted data from one context is inserted, without proper encoding, into another context where it is trusted, typically an HTML page served by the vulnerable site. For example, an attacker can embed script in a link that appears trustworthy; when a user follows the link, the script is submitted as part of the request, reflected back in the response, and executed by the user's browser with the privileges of the vulnerable site, which can expose the user's session cookie or other data to the attacker. See also client-side scripting.
Denial of Service
Denial of Service (DoS) is an attack technique on a network or web site that is designed to render the network or site useless by flooding it with excessive traffic. Processing the excess traffic can consume CPU cycles, memory usage, traffic bandwidth, and disk space, causing the system to become inaccessible to normal activity.
directory traversal
Directory traversal is an exploit that lets attackers read files in restricted directories outside the area the web server is meant to expose. User access to web sites is typically restricted to the document root directory or the CGI root directory. See also path traversal attacks.
Dynamic content value (DCV) parameters
DCV parameters are those for which the web application sets the value on the server side. See also dynamic parameter.
dynamic parameter
A dynamic parameter is a parameter whose set of accepted values can change, and usually depends on the user session. For example, within a banking web application, the account number parameter is a dynamic parameter, since each user has one or more unique account numbers. See also static parameter.
See dynamic parameter.
entity
An entity is one of the many components of a web application. Web objects, flows, parameters, and character sets are all examples of entities.
entry point
An entry point is a web page from which a user can access the corresponding web application.
false positive alarm
False positive alarms occur when the system blocks a request that is actually legitimate.
flow
Flow is the defined access path for a browser to get from one object to another specific object within a web application. Flow is also known as application flow.
flow parameter
Parameters that are defined within the context of an application flow are known as flow parameters. See also global parameter, web object parameter.
form field manipulation
Form field manipulation is a technique where an attacker modifies HTML Form field input values or HTTP POST data to exploit a web application. See also cookie manipulation, parameter tampering.
format string attack
A format string attack is an exploit in which attacker-controlled input is passed as the format argument to a string formatting function (for example, the printf family), so that the format directives in the input cause the function to read from, or write to, memory the application never intended to expose.
global parameter
Within the Application Security Manager configuration, global parameters are defined parameters that are not associated with a specific web object or a specific application flow. The Policy Enforcer validates global parameters wherever they occur. See also flow parameter, web object parameter.
HTTP (HyperText Transfer Protocol)
HyperText Transfer Protocol (HTTP) is the protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and how a web browser requests data and how a web server responds.
See application security class.
See predictable file location.
learning process
The learning process is the process of making a security policy more accurate by verifying how the security policy complies with traffic requests. If the learning process finds discrepancies between the security policy and the traffic requests, it translates the discrepancies into a learning suggestion for modifying the security policy.
learning suggestion
When a request triggers a violation, and the Learn flag is enabled for that violation, the Learning Manager generates a learning suggestion. The learning suggestion contains information about what in the request caused the violation.
meta character
A meta character is a special character in a program or form field that can control or give information about other characters. Meta characters may have special meaning to programming languages, operating systems, or database queries.
meta character injection
Meta character injection is an attack technique where an attacker sends meta characters as data input with the intent to manipulate a web application. See also cross-site scripting, null injection, parameter tampering, SQL injection.
negative security logic
With negative security logic, the web application receives all traffic except that which is known to be a threat because it matches the system's built-in attack signatures or other negative logic criteria. See also positive security logic.
null injection
Null injection is an attack technique that bypasses input validation filters by adding null-byte characters (\0, URL-encoded as %00) to a URL or parameter value. If user input contains a null byte, a validation routine written in a language that treats the byte as ordinary data may accept the whole string, while the web application, or a library it calls that treats the null byte as a string terminator, stops processing the string at the null byte; the part of the input that was validated is then not the part that is used. This is a form of meta character injection. See also meta character injection, parameter tampering.
See web object.
OS commanding
OS commanding is an attack technique where an attacker runs operating system commands by manipulating application input. See also form field manipulation, parameter tampering.
See flow parameter, global parameter, web object parameter.
parameter tampering
Parameter tampering is an attack technique in which the attacker tries to gain access to the web application by changing the parameter name and value pairs in a URL. This exploit is also referred to as URL manipulation. See also URL manipulation.
path traversal attacks
A path traversal attack is an HTTP attack technique that uses patterns such as ../../ in a requested path to reach files outside the web server's document root, or to cross into other directories on the server. See also directory traversal.
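The null injection and path traversal entries describe two ways a single request can defeat a path check: a null byte that truncates the string after validation, and ../ components that escape the document root. The Python below is an added example (not code from the Application Security Manager or the original glossary) showing a naive extension filter being bypassed by both, next to a hardened resolver that rejects each one. The document root, the file names and the request paths are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # hypothetical document root (assumption of this example)


def naive_image_filter(raw_path: str) -> bool:
    """The kind of sanity check null injection defeats: the decoded path must
    end in .jpg. It never looks for a null byte or for '..' components."""
    return unquote(raw_path).lower().endswith(".jpg")


def c_string(s: str) -> str:
    """Model a consumer that treats the null byte as a string terminator
    (for example a C library call such as fopen)."""
    nul = s.find("\x00")
    return s if nul < 0 else s[:nul]


def resolve_naively(raw_path: str) -> str:
    """The file a server that relied on naive_image_filter would actually open."""
    return posixpath.normpath(DOCROOT + "/" + c_string(unquote(raw_path)))


def safe_resolve(raw_path: str):
    """Hardened resolution.

    Returns (None, absolute_path) for a clean request, or (violation, None).
    Decodes exactly once, rejects a null byte outright, normalises '.' and '..'
    with the path rooted at DOCROOT, and requires the result to remain inside
    DOCROOT. A leading '/' in the request is stripped so an absolute path
    cannot replace the document root.
    """
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        return ("null injection", None)
    full = posixpath.normpath(DOCROOT + "/" + decoded.lstrip("/"))
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        return ("path traversal", None)
    return (None, full)


if __name__ == "__main__":
    attack = "../../../etc/passwd%00.jpg"  # constructed attack path
    # The filter accepts it (ends in .jpg) and the server opens /etc/passwd.
    print(naive_image_filter(attack), resolve_naively(attack))
    for p in (attack, "../../../etc/passwd", "images/../images/./logo.jpg"):
        print(p, "->", safe_resolve(p))
```

The resolver decodes once on purpose: if the back end decodes a second time, a double-encoded `%252e%252e/` would pass this check and still become `../` later, so decode exactly as many times as the component that finally uses the path does.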
positive security logic
With positive security logic, the security policy permits only known, legitimate traffic through to the web application: a request must match the entities (web objects, parameters, character sets, and so on) that the policy explicitly defines, and anything else is a violation. When the security policy is in blocking mode, such violations are blocked. See also negative security logic.
predictable file location
Predictable file location is an example of a method that attackers can use to gain access to hidden content or functionality by making educated guesses about the names and locations of certain files. An attacker can search manually or automatically for directories, CGIs, or other configuration files based on knowledge of a particular type of web server system.
referrer
A referrer is a web page that can request other objects. For example, an HTML page can request a GIF, JPG, or PNG file. The HTML page is a referrer; the image files are not.
regular expression
A regular expression (regexp) is a sequence of characters that provides the user with a powerful, flexible, and efficient text processing tool.
safe traffic
Safe traffic is traffic generated by a controlled group of users, those who are known not to be potential attackers.
Secure Sockets Layer
Secure Sockets Layer (SSL) is a protocol designed to provide an authenticated, encrypted connection between two systems, such as a web server and a web browser; its successor, Transport Layer Security (TLS), is what current systems negotiate. SSL uses public-key cryptography for the handshake: the server holds a private key known only to itself and publishes the matching public key in a certificate, and the two sides use it to agree on a symmetric session key that then encrypts the traffic.
security policy
In the Application Security Manager, the security policy is a set of rules that enables the Application Security Manager to understand whether a request is valid for a web application.
session credential
A session credential is a string of data that identifies a user to a web server. This string can be contained in a cookie or in the URL. See also session ID.
session fixation
Session fixation is a technique in which an attacker forces a value known to the attacker onto a user's session credential (for example, by sending the user a link that carries a session ID) before the user logs in; if the application keeps that value after authentication, the attacker can use it to access the user's session. See also session credential, session ID.
session hijacking
Session hijacking is the act of compromising a user's session. If an attacker hijacks a user's session, the attacker appears to the web server to be the legitimate user. See also session credential, session ID.
session ID
A session ID is a string of data that identifies a user to a web server. This string can be contained in a cookie or in the URL. A session ID can track a user's session as the user uses the web site.
session manipulation
Session manipulation is an attack technique where an attacker alters a session ID or session credential value in order to masquerade as a different user. See also session credential, session hijacking, session ID.
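The session fixation entry says the attack only works if the application keeps the pre-login session ID after authentication. The Python below is an added example, not code from the Application Security Manager or the original glossary, that plays the attack through twice against a toy in-memory session store: once against a login that keeps (and even adopts) whatever ID the client presents, and once against a login that regenerates the ID on authentication. The store, the login routines and the attack steps are constructed for the example.

```python
import secrets


class SessionStore:
    """Toy server-side session store, constructed for this example."""

    def __init__(self):
        self.sessions = {}  # session ID -> session data

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)  # unpredictable, server-chosen ID
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_without_regeneration(store, presented_sid, user):
    """Vulnerable: the session ID the client presented is kept (and even
    adopted if the server has never seen it) and simply marked authenticated."""
    if presented_sid not in store.sessions:
        store.sessions[presented_sid] = {"user": None}  # accepts a client-chosen ID
    store.sessions[presented_sid]["user"] = user
    return presented_sid


def login_with_regeneration(store, presented_sid, user):
    """Hardened: the pre-login ID is discarded and a fresh one issued on
    authentication, so an ID the attacker knew never becomes authenticated."""
    store.sessions.pop(presented_sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid


def fixation_attack(login):
    """Run the fixation scenario against a login routine and return the user
    the attacker ends up logged in as (None means the attack failed)."""
    store = SessionStore()
    fixed_sid = store.new_session()      # 1. attacker obtains a valid session ID
    # 2. attacker plants fixed_sid on the victim (e.g. a link carrying it in the URL)
    login(store, fixed_sid, "victim")    # 3. victim logs in; browser sends fixed_sid
    hijacked = store.get(fixed_sid)      # 4. attacker presents fixed_sid
    return hijacked["user"] if hijacked else None


if __name__ == "__main__":
    print("without regeneration:", fixation_attack(login_without_regeneration))  # victim
    print("with regeneration   :", fixation_attack(login_with_regeneration))     # None
```

Regenerating the ID at every privilege change (login, role elevation) closes fixation; it does nothing against session hijacking of an ID stolen after login, which needs transport encryption and cookie flags such as Secure and HttpOnly.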
SQL injection
SQL injection is an attack technique used on database-driven web sites in which an attacker supplies input that the application inserts, unchecked, into a SQL statement, so that the input is interpreted as SQL and the database executes commands the attacker chose. Because those commands arrive over the application's own database connection, a network firewall in front of the database sees nothing unusual. See also form field manipulation, parameter tampering.
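To show how application input turns into SQL, the following Python is an added example (not code from the Application Security Manager or the original glossary). It builds a constructed in-memory SQLite users table, runs a login query that concatenates input into the statement, demonstrates the classic `' OR '1'='1` and comment-based payloads against it, and then runs the same query with bound parameters. The table contents, user names and passwords are invented for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the demonstration."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute(
        "INSERT INTO users VALUES ('alice', 'correct horse'), ('bob', 'hunter2')")
    return con


def login_vulnerable(con, username, password):
    """Builds the statement by string concatenation: quotes and keywords in
    the input become part of the SQL the database parses."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, username, password):
    """Bound parameters: the statement text is fixed and the driver passes the
    values separately, so no input can change the query's structure."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    con = make_db()
    # Legitimate login works the same way in both versions.
    print(login_vulnerable(con, "alice", "correct horse"),
          login_parameterized(con, "alice", "correct horse"))
    # Password becomes: '' OR '1'='1  -> WHERE clause is true for every row.
    print(login_vulnerable(con, "alice", "' OR '1'='1"))
    # Username closes the quote and comments out the password check.
    print(login_vulnerable(con, "x' OR 1=1 --", "anything"))
    # The same payloads are just string values for the parameterized query.
    print(login_parameterized(con, "alice", "' OR '1'='1"),
          login_parameterized(con, "x' OR 1=1 --", "anything"))
```

A web application firewall such as the Application Security Manager can flag the `'` and `--` meta characters in these parameters, but the parameterized query is the fix: it removes the ambiguity between data and code that the signatures are guessing at.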
static parameter
A static parameter is a parameter in a request whose values are chosen from a known set of values, for example, the name of a country, a Yes/No form field, and so on. See also dynamic parameter.
See static parameter.
target frame
A target frame is the frame in a browser session into which the web object is loaded.
target security policy
The target security policy is the security policy that the system updates whenever you accept a learning suggestion. See also active security policy.
transparent mode
A security policy is in transparent mode when blocking is disabled. When a security policy is in transparent mode, the Application Security Manager forwards all requests to the web application, even those that trigger violations. See also blocking mode.
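The entries for positive and negative security logic, static and dynamic parameters, blocking mode and transparent mode describe one mechanism from several angles. The Python below is an added example, not code from the Application Security Manager or the original glossary, that ties them together: a small policy listing the web objects and parameters a banking application accepts (positive logic), a few attack signatures (negative logic), a session that decides which account numbers a dynamic parameter may take, and an enforcer that blocks or forwards depending on the mode. The policy, URIs, parameter names, signatures and sample requests are all constructed for the example; the support ID is a random number standing in for the real one.

```python
import re
import secrets
from urllib.parse import parse_qsl, urlsplit

# Hypothetical security policy for a small banking application. Positive logic:
# only the entities listed here are legitimate; anything else is a violation.
POLICY = {
    # web object (URI) -> parameter names accepted on that object
    "web_objects": {
        "/login.php":    {"user", "password"},
        "/account.php":  {"account"},
        "/transfer.php": {"account", "amount", "currency", "confirm"},
    },
    # static parameters: the value must come from a fixed, known set
    "static_parameters": {
        "currency": {"USD", "EUR", "GBP"},
        "confirm":  {"yes", "no"},
    },
    # dynamic parameters: the accepted values depend on the user's session
    "dynamic_parameters": {"account"},
}

# Negative logic layered on top: patterns known to be attacks.
ATTACK_SIGNATURES = {
    "path traversal":       re.compile(r"\.\./"),
    "cross-site scripting": re.compile(r"<\s*script", re.IGNORECASE),
    "SQL injection":        re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
}


def evaluate(request, session, policy=POLICY):
    """Return the list of violations a request triggers (empty means legitimate).

    request: {"url": "/path?query", "form": {name: value}} (form is optional)
    session: {dynamic parameter name: set of values this user may send}
    """
    violations = []
    parts = urlsplit(request["url"])
    uri = parts.path
    if uri not in policy["web_objects"]:
        return ["illegal web object: " + uri]  # unknown entity; nothing else to check
    allowed = policy["web_objects"][uri]
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += list(request.get("form", {}).items())
    for name, value in params:
        for label, sig in ATTACK_SIGNATURES.items():      # negative logic
            if sig.search(value):
                violations.append(f"attack signature ({label}): {name}")
        if name not in allowed:                            # positive logic
            violations.append("illegal parameter: " + name)
        elif name in policy["static_parameters"] and \
                value not in policy["static_parameters"][name]:
            violations.append(f"illegal static parameter value: {name}={value}")
        elif name in policy["dynamic_parameters"] and \
                value not in session.get(name, set()):
            violations.append(f"illegal dynamic parameter value: {name}={value}")
    return violations


def enforce(request, session, blocking=True, policy=POLICY):
    """Blocking mode: any violation yields a blocking response carrying a
    support ID. Transparent mode: violations are reported (for logging and
    learning) but the request is still forwarded to the application."""
    violations = evaluate(request, session, policy)
    if violations and blocking:
        return {"action": "block", "support_id": secrets.randbits(64),
                "violations": violations}
    return {"action": "forward", "violations": violations}


if __name__ == "__main__":
    alice = {"account": {"1001", "1002"}}  # constructed session: accounts alice owns
    requests = [
        {"url": "/transfer.php?account=1001&amount=50&currency=EUR&confirm=yes"},
        {"url": "/transfer.php?account=2001&amount=50&currency=EUR&confirm=yes"},
        {"url": "/transfer.php?account=1001&amount=50&currency=BTC&confirm=yes"},
        {"url": "/admin.php"},
        {"url": "/login.php", "form": {"user": "<script>alert(1)</script>",
                                       "password": "x"}},
    ]
    for r in requests:
        print(r["url"], enforce(r, alice)["action"], evaluate(r, alice))
    # The same tampered request is forwarded in transparent mode.
    print(enforce(requests[1], alice, blocking=False)["action"])
```

The second request is parameter tampering in the glossary's sense: `account` is a defined parameter with a well-formed value, so only the session-aware dynamic parameter check catches it. Neither a signature nor a static list could, which is why the policy has to carry that per-session knowledge.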
URI (Uniform Resource Identifier)
The Uniform Resource Identifier (URI) specifies the name of a web object in a request. For example, in the web address http://www.siterequest.com/index.html, /index.html (the path portion) is the URI. Strictly, the whole address is also a URI; the Application Security Manager uses the term in the narrower sense of the path that names the web object.
URL (Uniform Resource Locator)
A Uniform Resource Locator (URL) is the standard way of specifying the location of a resource on the Internet, including the scheme (such as http), the host, and the path.
URL manipulation
URL manipulation describes the process of changing the parameter name and value pairs in a web application's URLs. Also known as parameter tampering.
web application
A web application is an application delivered to users from a web server to a web client, such as a web browser, over a network.
web object
A web object is an individual page within a web application. See also referrer.
web object parameter
A web object parameter is a parameter that is defined within the context of a web object.