Protect rules

Apply Protect rules to monitor or block specific kinds of attacks in application environments. Every rule represents a type of attack that exploits vulnerabilities in either custom code or open-source libraries, such as SQL injection or cross site scripting.

Contrast includes many Protect rules you can use to monitor or block attacks, like these:

  • Command injection: Carefully crafted inputs can execute tainted operating system level commands.

  • Cross-site scripting: A web application vulnerability that can allow users to run arbitrary JavaScript in other user's browsers.

  • Expression language injection: A vulnerability type for many frameworks and custom code that happens when an application mistakenly evaluates user inputs as expression languages like OGNL, SpEL, or JSP EL.

  • Method tampering: An attack against authentication or authorization systems that have implicit "allow all" settings in their security configuration.

  • Path traversal / Local file include: A vulnerability that allows users to control which files an application opens and reads.

  • SQL and NoSQL injection: Carefully crafted inputs to the application that alter SQL or NoSQL queries in order to steal data or execute code.

  • Untrusted deserialization: A web application vulnerability that allows users to pass arbitrary objects to a deserializer and execute remote code.

  • XML external entity processing: A vulnerability in XML processing that allows users to read, write, and potentially, execute remote code to a file.