Fortinet 29 FortiWeb 5.0 Patch 6 Administration Guide
Table 2: Web-related threats

| Attack Technique | Description | Protection | FortiWeb Solution |
|---|---|---|---|
| Credit card theft | Attackers read users' credit card information in replies from a web server. | Detect and sanitize credit card data leaks. Helps you comply with credit card protection standards, such as PCI DSS 6.6. | Credit Card Detection |
| Cross-site request forgery (CSRF) | A script causes a browser to access a web site on which the browser has already been authenticated, giving a third party access to a user's session on that site. Classic examples include hijacking other people's sessions at coffee shops or Internet cafés. | Enforce web application business logic to prevent access to URLs from the same IP but a different client. | Page Access |
| Cross-site scripting (XSS) | Attackers cause a browser to execute a client-side script, allowing them to bypass security. | Content filtering, cookie security, disable client-side scripts. | Cross Site Scripting |
| Denial of service (DoS) | An attacker uses one or more techniques to flood a host with HTTP requests, TCP connections, and/or TCP SYN signals. These use up available sockets and consume resources on the server, and can lead to a temporary but complete loss of service for legitimate users. | Watch for a multitude of TCP and HTTP requests arriving in a short time frame, especially from a single source, and close suspicious connections. Detect increased SYN signals and close half-open connections before resources are exhausted. | DoS Protection |
| HTTP header overflow | Attackers use specially crafted HTTP/HTTPS requests to target web server vulnerabilities (such as a buffer overflow) to execute malicious code, escalating to administrator privileges. | Limit the length of HTTP protocol header fields, bodies, and parameters. | HTTP Protocol Constraints |
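As an added example that is not part of the FortiWeb guide, the following Python sketches the "Detect and sanitize credit card data leaks" protection from the credit card theft row: it scans a server response body for candidate card numbers, uses the Luhn checksum so that ordinary 16-digit identifiers such as order numbers are not masked, and replaces every digit but the last four. The regular expression, the sample response body and the masking format are assumptions made for this illustration, not FortiWeb's own detection rules.

```python
import re
from typing import List, Tuple

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes,
# not preceded or followed by another digit. Constructed for this example.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample response body; 4111... and 5500... are well-known test numbers.
SAMPLE_BODY = (
    "<p>Order 1234567890123456 paid with card 4111 1111 1111 1111.</p>"
    "<p>Backup card: 5500-0000-0000-0004</p>"
)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_if_card(candidate: str) -> str:
    """Strip separators; return the digits if they form a Luhn-valid PAN, else ''."""
    digits = re.sub(r"[ -]", "", candidate)
    return digits if 13 <= len(digits) <= 19 and luhn_valid(digits) else ""


def find_card_numbers(text: str) -> List[str]:
    """Return the Luhn-valid card numbers (digits only) found in text."""
    return [d for d in (_digits_if_card(m.group(0)) for m in _PAN_RE.finditer(text)) if d]


def sanitize_response(body: str) -> Tuple[str, int]:
    """Mask each Luhn-valid card number in body, keeping only the last four digits.
    Returns (sanitized_body, number_of_leaks_masked)."""
    masked = 0

    def _mask(m: "re.Match[str]") -> str:
        nonlocal masked
        digits = _digits_if_card(m.group(0))
        if not digits:
            return m.group(0)   # not a card number (e.g. an order id): leave untouched
        masked += 1
        return "X" * (len(digits) - 4) + digits[-4:]

    return _PAN_RE.sub(_mask, body), masked
```

A leak count greater than zero is the signal a defender would log or alert on; masking rather than dropping the response keeps the page usable while the leak is investigated.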