Protect rules

Apply Protect rules to monitor or block specific kinds of attacks in application environments. Every rule represents a type of attack that exploits vulnerabilities in either custom code or open-source libraries, such as SQL injection or cross-site scripting.

Contrast includes many Protect rules you can use to monitor or block attacks, like these:

  • Command injection: Carefully crafted inputs can cause the application to execute operating-system-level commands built from tainted data.

  • Cross-site scripting: A web application vulnerability that can allow users to run arbitrary JavaScript in other users' browsers.

  • Expression language injection: A vulnerability in many frameworks and in custom code that occurs when an application mistakenly evaluates user input as an expression language such as OGNL, SpEL, or JSP EL.

  • Method tampering: An attack against authentication or authorization systems that have implicit "allow all" settings in their security configuration.

  • Path traversal / Local file include: A vulnerability that allows users to control which files an application opens and reads.

  • SQL and NoSQL injection: Carefully crafted inputs to the application that alter SQL or NoSQL queries in order to steal data or execute code.

  • Unsafe file upload: A vulnerability in the upload process that allows malicious files to bypass upload protections and perform malicious actions. This rule affects files with commonly used extensions including (but not limited to): SVG, ASP, ASPX, *SH, JAR, and JAVA. In Monitor mode, this rule reports potentially unsafe file uploads to Contrast. In Block mode, Contrast blocks uploads of these files.

  • Untrusted deserialization: A web application vulnerability that allows users to pass arbitrary objects to a deserializer and execute remote code.

  • XML external entity processing: A vulnerability in XML processing that allows users to read or write files and, potentially, execute remote code.