View information about protection categories for the Web
Application Protection feature.
Client-side attacks
Client-side attacks exploit the trust relationship between
a user and the websites they visit.
Injection attacks
Injection attacks allow an attacker to inject code into
a program or query, or to inject malware onto a computer, in order to execute remote
commands that can read or modify a database or change data on a website.
Malicious file execution attacks
Malicious file execution attacks allow an attacker to execute
code remotely, install a rootkit remotely, compromise the entire
system, and, on Windows systems, compromise the internal system by using SMB file wrappers
for the PHP scripting language.
Information disclosure attacks
Information disclosure attacks are aimed at acquiring system-specific
information about a website, such as software distribution, version
numbers, and patch levels. The acquired information might also contain
the location of backup files or temporary files.
Path traversal attacks
Path traversal attacks force access to files, directories,
and commands that are located outside the web document root directory
or CGI root directory.
Authentication attacks
Authentication attacks target and attempt to exploit the
authentication process a website uses to verify the identity of a
user, service, or application.
Buffer overflow attacks
Buffer overflow attacks overflow a buffer with excessive
data. This type of attack allows an attacker to run a remote shell on
the computer and gain the same system privileges that are granted
to the application that is being attacked.
Brute force attacks
Brute force attacks use a repetitive method of trial and
error to guess a person's user name, password, credit card number,
or cryptographic key.
Directory indexing attacks
Directory indexing attacks exploit a function of the web
server that lists all the files within a requested directory if the
normal base file is not present.
Miscellaneous attacks
Miscellaneous attacks exploit vulnerable web servers by
forcing cache servers or web browsers into disclosing user-specific
information that might be sensitive and confidential.