Protect rules
Apply Protect rules to monitor or block specific kinds of cyber-attacks in application environments. Every rule represents a type of attack, such as SQL injection or cross-site scripting, that exploits vulnerabilities in either custom code or open-source libraries.
Contrast includes many Protect rules you can use to monitor or block attacks, like these:
Command injection: Carefully crafted inputs can execute tainted commands.
Cross-site scripting: A web application vulnerability that can allow users to run arbitrary JavaScript in other users' browsers.
Expression language injection: A vulnerability type affecting many frameworks and custom code that happens when an application mistakenly evaluates user input as an expression in a language like OGNL, SpEL, or JSP EL.
Method tampering: An attack against authentication or authorization systems that have implicit "allow all" settings in their security configuration.
Path traversal / Local file include: A vulnerability that allows users to control which files an application opens and reads.
SQL and NoSQL injection: Carefully crafted inputs to the application that alter SQL or NoSQL queries in order to steal data or execute code.
Untrusted deserialization: A web application vulnerability that allows users to pass arbitrary objects to a deserializer and execute remote code.
XML external entity processing: A vulnerability in XML processing that allows users to read and write files and to execute remote code.
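
The method tampering entry above, illustrated with an added example (this is not Contrast's code or rule logic): a constructed access policy that names only some HTTP methods, evaluated once with an implicit "allow all" fallthrough and once with deny-by-default, plus an audit that lists the difference. Constraint, POLICY and the function names are hypothetical.

```python
# Constructed model of a method-based access policy; names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Constraint:
    prefix: str          # protected URL prefix
    methods: frozenset   # HTTP methods the constraint names
    role: str            # role required for those methods


# Constructed sample policy: only GET and POST on /admin are named.
POLICY = [Constraint("/admin", frozenset({"GET", "POST"}), "admin")]
COMMON_METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PATCH")


def allow_implicit(method, path, roles, policy=POLICY):
    """Weak: a method the constraint does not name falls through to allow."""
    for c in policy:
        if path.startswith(c.prefix) and method.upper() in c.methods:
            return c.role in roles
    return True  # implicit "allow all" for anything unmatched


def allow_deny_by_default(method, path, roles, policy=POLICY):
    """Hardened: on a protected prefix, unnamed methods are refused."""
    for c in policy:
        if path.startswith(c.prefix):
            return method.upper() in c.methods and c.role in roles
    return True  # path is not covered by any constraint


def audit(policy=POLICY, methods=COMMON_METHODS):
    """Return (prefix, method) pairs reachable with no role only when
    the weak evaluator is used."""
    gaps = []
    for c in policy:
        for m in methods:
            weak = allow_implicit(m, c.prefix, set(), policy)
            strict = allow_deny_by_default(m, c.prefix, set(), policy)
            if weak and not strict:
                gaps.append((c.prefix, m))
    return gaps


if __name__ == "__main__":
    for prefix, method in audit():
        print(f"{method} {prefix}: allowed without a role by implicit allow")
```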