Protect rules
Apply Protect rules to monitor or block specific kinds of attacks in application environments. Every rule represents a type of attack that exploits vulnerabilities in either custom code or open-source libraries, such as SQL injection or cross-site scripting.
Contrast includes many Protect rules you can use to monitor or block attacks, like these:
Command injection: Carefully crafted inputs cause the application to run operating-system commands built from attacker-controlled (tainted) data.
Cross-site scripting: A web application vulnerability that allows attackers to run arbitrary JavaScript in other users' browsers.
Expression language injection: A vulnerability type for many frameworks and custom code that happens when an application mistakenly evaluates user input as an expression in a language such as OGNL, SpEL, or JSP EL.
Method tampering: An attack that sends an unexpected HTTP method (for example HEAD or an arbitrary verb) to bypass authentication or authorization rules that only list specific methods and implicitly allow everything else.
Path traversal / Local file include: A vulnerability that allows attackers to control which files an application opens and reads, typically by supplying path segments such as "../" to escape the intended directory.
SQL and NoSQL injection: Carefully crafted inputs to the application that alter SQL or NoSQL queries in order to steal data or execute code.
Unsafe file upload: A vulnerability in the upload process that allows malicious files to bypass upload protections and perform malicious actions. This rule affects files with commonly used extensions, including (but not limited to) SVG, ASP, ASPX, *SH, JAR, and JAVA. In Monitor mode, this rule reports potentially unsafe file uploads to Contrast. In Block mode, Contrast blocks uploads of these files.
Untrusted deserialization: A web application vulnerability that allows attackers to supply arbitrary serialized objects to a deserializer, which can lead to remote code execution.
XML external entity processing (XXE): A vulnerability in XML processing that allows attackers to read local files, make the server issue requests on their behalf, and, in some configurations, execute remote code.
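The following is an added example, not Contrast's agent code, that shows in plain Python how three of the rules above (path traversal, unsafe file upload, and method tampering) would be evaluated, and how the Monitor and Block modes described for the unsafe file upload rule differ: Monitor records a finding and lets the request continue, Block raises. The class `ProtectRules`, the exception `AttackBlocked`, the hypothetical authorization filters `naive_authz` and `hardened_authz`, and the sample inputs are all assumptions made for this illustration.

```python
# Added example (not Contrast's implementation). Hypothetical names throughout.
import os
from pathlib import PurePosixPath

MONITOR = "monitor"
BLOCK = "block"


class AttackBlocked(Exception):
    """Raised in Block mode when a rule matches the request."""


# Extensions from the Unsafe file upload rule description, with "*SH" expanded
# to a few common shell-script suffixes. The real rule list is longer.
UNSAFE_UPLOAD_EXTENSIONS = {
    ".svg", ".asp", ".aspx", ".sh", ".bash", ".zsh", ".jar", ".java",
}


class ProtectRules:
    """Minimal stand-in for a runtime protection layer with two modes."""

    def __init__(self, mode=MONITOR):
        self.mode = mode
        self.findings = []  # what Monitor mode would report to Contrast

    def _hit(self, rule, detail):
        # Record the finding in both modes; only Block mode stops the request.
        self.findings.append((rule, detail))
        if self.mode == BLOCK:
            raise AttackBlocked(f"{rule}: {detail!r}")
        return True

    def check_path_traversal(self, base_dir, user_path):
        """Path traversal / LFI: the resolved target must stay inside base_dir."""
        base = os.path.realpath(base_dir)
        target = os.path.realpath(os.path.join(base, user_path))
        # commonpath compares whole components, so "/srv/app/uploads_evil"
        # is correctly treated as outside "/srv/app/uploads".
        if os.path.commonpath([base, target]) != base:
            return self._hit("path-traversal", user_path)
        return False

    def check_unsafe_upload(self, filename):
        """Unsafe file upload: flag executable or script-like extensions."""
        ext = PurePosixPath(filename).suffix.lower()
        if ext in UNSAFE_UPLOAD_EXTENSIONS:
            return self._hit("unsafe-file-upload", filename)
        return False

    def check_method_tampering(self, method, allowed_methods):
        """Method tampering: any verb not explicitly allowed is suspicious."""
        if method.upper() not in {m.upper() for m in allowed_methods}:
            return self._hit("method-tampering", method)
        return False


def naive_authz(method, is_admin):
    """Vulnerable filter: only GET and POST are checked, every other verb is
    implicitly allowed. Sending DELETE or a made-up verb bypasses the check."""
    if method in ("GET", "POST"):
        return is_admin
    return True


def hardened_authz(method, is_admin):
    """Fixed filter: deny by default, and only allow known verbs for admins."""
    if method not in ("GET", "POST"):
        return False
    return is_admin


if __name__ == "__main__":
    rules = ProtectRules(mode=MONITOR)
    rules.check_path_traversal("/srv/app/uploads", "../../etc/passwd")
    rules.check_unsafe_upload("avatar.svg")
    rules.check_method_tampering("FOO", ["GET", "POST"])
    print("monitor-mode findings:", rules.findings)
    try:
        ProtectRules(mode=BLOCK).check_unsafe_upload("shell.aspx")
    except AttackBlocked as exc:
        print("blocked:", exc)
```

The traversal check resolves the joined path before comparing it with the base directory, so encoded or nested `../` segments and symlinks are judged by where they actually land rather than by string matching. The authorization pair shows the "implicit allow all" shape the method tampering rule targets: the naive filter's fall-through `return True` is the hole, and the hardened version inverts it to deny by default.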