View information about protection categories for the Web
Application Protection feature.
Client-side attacks
This type of attack exploits the trust relationship between
a user and the web sites they visit.
Injection attacks
This type of attack allows an attacker to inject code into
a program or query, or inject malware onto a computer, in order to execute
remote commands that can read or modify a database or change data
on a web site.
Malicious file execution attacks
This type of attack allows an attacker to execute code
remotely, install a rootkit remotely, compromise the entire system,
and compromise the internal system (on Windows systems) through the use of SMB file
wrappers for the PHP scripting language.
Information disclosure attacks
This type of attack is aimed at acquiring system-specific
information about a web site, including software distribution, version
numbers, and patch levels. The acquired information might also contain
the location of backup files or temporary files.
Path traversal attacks
This type of attack forces access to files, directories,
and commands that are located outside the web document root directory
or CGI root directory.
Authentication attacks
This type of attack targets and attempts to exploit the
authentication process a web site uses to verify the identity of a
user, service, or application.
Buffer overflow attacks
This type of attack overflows a buffer with excessive data,
which allows an attacker to run a remote shell on the computer and gain
the same system privileges granted to the application being attacked.
Brute force attacks
This type of attack uses a repetitive method of trial and
error in order to guess a person's user name, password, credit card
number, or cryptographic key.
Directory indexing attacks
This type of attack exploits a function of the web server
that lists all the files within a requested directory if the normal
base file is not present.
Miscellaneous attacks
This type of attack exploits vulnerable web servers by
forcing cache servers or web browsers into disclosing user-specific
information that might be sensitive and confidential.