Fortinet 421 FortiWeb 5.0 Patch 6 Administration Guide
Preventing zero-day attacks
While your first line of defense is to scan for known attacks, zero-day attacks are, by definition,
unknown.
To defend against zero-day buffer overflow, buffer underflow, shell code, and similar injection
attacks that you have not yet identified and created a signature for, input validation can help.
You can configure FortiWeb to sanitize inputs at the web application level. (For attacks that
operate at the HTTP protocol level, or attacks that are not types of application or document
injection attacks, see “HTTP/HTTPS protocol constraints” on page 440 and “Access control” on
page 321.)
See also
• Sequence of scans
• Defining custom data types
• Validating parameters (“input rules”)
• Preventing tampering with hidden inputs
Validating parameters (“input rules”)
You can configure rules to validate parameters (input) of your web applications.
Input rules define whether or not parameters are required, and their maximum allowed length,
for requests that match both the:
• Host: in the HTTP header
• URL
as defined in the input rule. Inputs are typically the <input> tags in an HTML form.
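The matching and checking logic described above, as an added Python sketch. It is not FortiWeb code or configuration syntax: the class and function names, the sample host and URL, and treating a maximum length of 0 as "no limit" are assumptions of this example.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs

@dataclass
class ParamRule:
    name: str
    required: bool = False
    max_length: int = 0  # assumption of this sketch: 0 means no length limit

@dataclass
class InputRule:
    host: str   # compared with the Host: header of the request
    url: str    # compared with the request URL path
    params: list = field(default_factory=list)

def validate(rule, host, path, body):
    """Return the list of violations; empty if the request passes or the rule does not apply."""
    # The rule applies only when BOTH the Host: header and the URL match.
    if host.lower().split(":")[0] != rule.host.lower() or path != rule.url:
        return []
    values = parse_qs(body, keep_blank_values=True)
    violations = []
    for p in rule.params:
        got = values.get(p.name)
        if got is None:
            if p.required:
                violations.append(f"{p.name}: required parameter missing")
            continue
        for v in got:
            # A length cap rejects oversized input without needing an attack signature.
            if p.max_length and len(v) > p.max_length:
                violations.append(f"{p.name}: length {len(v)} exceeds {p.max_length}")
    return violations

# Constructed sample rule and requests (hypothetical host, URL and parameter names).
RULE = InputRule("www.example.com", "/login", [
    ParamRule("username", required=True, max_length=32),
    ParamRule("comment", required=False, max_length=200),
])

if __name__ == "__main__":
    samples = [
        ("www.example.com", "/login", "username=alice&comment=hi"),
        ("www.example.com", "/login", "comment=hi"),
        ("www.example.com", "/login", "username=alice&comment=" + "A" * 5000),
        ("other.example.com", "/login", "comment=hi"),
    ]
    for host, path, body in samples:
        print(host, path, validate(RULE, host, path, body) or "pass")
```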