Application attacks and AppFirewall protections
This section is a quick review of some of the important web application attacks, how they work, and what AppFirewall does to protect against them. This knowledge is invaluable because it makes log entries easier to interpret when troubleshooting.
We will just use the terms User, Attacker, AppFirewall, Website, and Server in our examples to keep it simple.
Note
Note that these attacks and AppFirewall's capability to protect against them can be demonstrated using WebGoat, a deliberately vulnerable site provided by OWASP. It is free and extremely handy for picking up this knowledge hands-on.
Cross-site scripting
Modern Web pages rely on scripts for rich functionality. Cross-site scripting (XSS) is an attack that targets Web pages that accept scripted input without properly validating it. Here is an example of one such attack:
http://example.com/ is an e-commerce site that also happens to have a page for comments: http://www.example...