
How Many Attack Types Are in F5 ASM?
The attack types in F5 ASM are listed below, each followed by its explanation.
Attack Type
Explanation
Buffer overflow
Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory.
Directory indexing
Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present.
Authentication/authorization attacks
The authentication section covers attacks that target a website's method of validating the identity of a user, service, or application. The authorization section covers attacks that target a website's method of determining if a user, service, or application has the necessary permissions to perform a requested action.
Information leakage
Information leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.
Predictable resource location
Predictable resource location is an attack technique used to uncover hidden website content and functionality.
Command execution
Many web applications call operating system processes via the command line. If your application calls out to the OS, you need to be sure command strings are securely constructed.
Vulnerability scan
A vulnerability scan is an attack technique that uses an automated security program to probe a web application for software vulnerabilities.
Brute force
A brute force attack is an outside attempt by hackers to access post-logon pages of a website by guessing usernames and passwords.
A brute force attack can also be defined as a trial-and-error technique used by application programs to decode encrypted data such as DES (Data Encryption Standard) keys or passwords. A brute force attack proceeds through each possible set of legal characters in sequence.
Denial of Service
Denial of service (DoS) is an attack technique that overwhelms system resources to prevent a web site from serving normal user activity.
Trojan/Backdoor/Spyware
Attackers use Trojan horse, backdoor, and spyware attacks to try to circumvent a web server's or web application's built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack launches.
Other application attacks
This attack category represents attacks that do not fit into the more explicit attack classifications.
Abuse of functionality
Abuse of functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent the application's access control mechanisms.
Cross-site scripting (XSS)
Cross-site scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser.
Server-side code injection
SSI injection (server-side include) is a server-side exploit technique that allows an attacker to send code into a web application, which is then run locally by the web server.
SQL injection
SQL Injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input.
Detection evasion
Detection evasion is an attack technique that attempts to disguise or hide an attack to avoid detection by an attack signature.
Path traversal
The path traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.
LDAP injection
LDAP injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input.
Forceful Browsing
Forceful Browsing attacks attempt to access data outside the specific access schema of the application.
HTTP parser attack
HTTP parser attacks attempt to execute malicious code, extract information, or enact Denial of Service by targeting the HTTP parser directly.
HTTP Request Smuggling
HTTP Request Smuggling attacks attempt to encapsulate one request within another request through a web proxy.
HTTP Response Splitting
HTTP Response Splitting attacks attempt to manipulate the server into injecting a CR/LF sequence in its response headers.
Injection Attempt
Injection Attempt attacks exploit weaknesses in various other applications in order to inject and/or execute malicious code.
Malicious File Upload
Malicious File Upload attacks attempt to exploit services by uploading files that may contain malicious code.
Non Browser Client
Non Browser Client attacks use crawlers or other scripts to simulate human activity.
Other application activity
This attack category represents attacks that do not fit into the more explicit attack classifications.
Parameter tampering
Parameter Tampering attacks attempt to manipulate and capture data by modifying parameters in HTTP query strings.
Remote file include
Remote file location attacks attempt to exploit web applications that may retrieve and execute the code included in remote files.
Server side code injection
Server side code injection attempts to exploit weaknesses in applications and services to force those services to execute malicious code.
Session Hijacking
Session hijacking attacks attempt to hijack a valid extant user session.
Web Scraping
Web scraping attacks simulate human exploration of the Web to harvest site information.
XML Parser Attack
XML parser attacks attempt to execute malicious code or enact a Denial of Service by targeting the XML parser directly.
XPath Injection
XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents.