WAF Pattern for OWASP 2021 | Cloud SECaaS platform AIONCLOUD

AIONCLOUD BLOG

Share information related to AIONCLOUD !

Back to BLOG Main

WAF Pattern for OWASP 2021

A01_2021-Broken Access Control
Vulnerability due to weak access control that could lead to unauthorized viewing, modification, or deletion of data.

- Vulnerable page access detection
- Directory Listing
- Stem file access detection

A02_2021-Cryptographic Failures
Vulnerability that may result in information leakage due to inadequate encryption of data in transit and storage

- Personal Information Intrusion Detection
- Detect personal information leakage
- SSL offload

A03_2021-Injection
Vulnerability where untrusted data can be injected into commands or query statements and sent to the interpreter, resulting in compromised information leakage

- SQL Injection
- LDAP Injection
- Command injection
- NoSQL Injection

A04_2021-Insecure Design
Vulnerabilities that threats can exploit to issue due to missing or ineffective control design

- URL Encryption
- Application Profiling
- API Protection

A05_2021-Security Misconfiguration
Vulnerabilities that can be caused by missing settings for security in applications and cloud services

- Error page cloaking
- Header cloaking
- HTTP method restriction detection
- HTTP malformed request detection

A06_2021-Vulnerable and Outdated Components
Vulnerabilities that can be caused by using vulnerable or unsupported versions of software, libraries, components, etc. and failure to apply security updates

- Application vulnerability detection
- Web server vulnerability detection

A07_2021-Identification and Authentication Failures
Vulnerabilities that allow an attacker to launch automated attacks such as credential stuffing with a list of account information

- Cookie forgery detection
- Fraudulent login attempts

A08_2021-Software and Data Integrity Failures
Vulnerabilities that can occur when relying on untrusted source code, repositories, CDNs, libraries, or modules

- Application vulnerability detection
- Cookie forgery detection

A09_2021-Security Logging and Monitoring Failures
Vulnerabilities where threats can be caused by untrusted input to logging and monitoring systems

- URL Access Rules
- Preferred policy: URL access rules
- All policy responsesData logging.

A10_2021- Server-Side Request Forgery (SSRF)
Vulnerability that can occur when a web application fetches a remote resource without validation.

- Header vulnerability detection
- Cross-site scripts
- IP Policies

Copyright 2024 AIONCLOUD's All Right Reserved| Privacy Policy| Terms of Use| Cookie Settings
Scroll Up