Teros Hacker Attacks Defeated 
Teros web application firewalls employ
a positive security model to protect against attacks exploiting
any one of the 16 classes of application vulnerabilities. Without
complete, 16-out-of-16 protection, applications are exposed to
unnecessary risks.
Buffer Overflow Exploits: A common type of input validation attack that
overflows a buffer with excessive data. If the attack succeeds, the hacker can
run a remote shell on the machine and gain the same system privileges granted
to the application being attacked.
CGI-BIN Parameter Manipulation: An input validation attack that illegally
modifies data that is passed to a server-side script. Without proper validation
of query parameters passed to CGI scripts, a hacker can gain unauthorized system
privileges, allowing him to modify files, run commands, and execute other operations.
Form/Hidden Field Manipulation: Modifying the contents of a hidden field
in an attempt to trick the application into accepting invalid data.
Forceful Browsing: Accessing unauthorized and unadvertised URLs to gain
access to the root directory of a web server, or other areas that should be
off limits.
Cookie/Session Poisoning: Reverse engineering weak cookies to steal a
user’s session or impersonate a legitimate user of an application.
Broken ACLs/Weak Passwords: Circumventing an application’s access
control system by requesting resources to which the user should not have access.
Cross-Site Scripting (XSS): Attacking the trust relationship between a user
and a web application by tricking the user or the user’s browser into sending
an attacker confidential information that can be used to steal that
user’s identity.
Command Injection: Cleverly inserting system commands into program variables,
such as form fields, so that they are inadvertently executed on the server.
SQL Injection: An input validation attack that sends SQL commands to a
web application, which are then passed to a back-end database. If the attack
succeeds, the hacker can gain access to a sensitive information store.
Error Triggering Sensitive Information Leaks: Feeding malformed, illegitimate
data to an application with the goal of generating errors and gaining sensitive
information about the application environment.
Insecure Use of Crypto: Exploiting an application's use of a weak cryptographic
algorithm in digitally signing cookies.
Server Misconfiguration: Exploiting server misconfigurations, including
the failure to fully lock down or harden the web server, disable default accounts
and services, or remove unnecessary functionality.
Back Doors and Debug Options: Exploiting application back doors or debug
code on production systems.
Web Site Defacement: Malicious modification of web pages.
Well-known Platform Vulnerabilities: Exploiting unpatched vulnerabilities
of web servers or operating systems to gain unauthorized access to an application.
Zero-Day Exploits: Exploiting a vulnerability before it is announced
publicly and before vendor-developed patches/signatures/fixes are available.