Fortinet 29 FortiWeb 5.0 Patch 6 Administration Guide
Table 2: Web-related threats

| Attack Technique | Description | Protection | FortiWeb Solution |
|---|---|---|---|
| Credit card theft | Attackers read users' credit card information in replies from a web server. | Detect and sanitize credit card data leaks. Helps you comply with credit card protection standards, such as PCI DSS 6.6. | Credit Card Detection |
| Cross-site request forgery (CSRF) | A script causes a browser to access a web site on which the browser has already been authenticated, giving a third party access to a user's session on that site. Classic examples include hijacking other people's sessions at coffee shops or Internet cafés. | Enforce web application business logic to prevent access to URLs from the same IP but different client. | Page Access |
| Cross-site scripting (XSS) | Attackers cause a browser to execute a client-side script, allowing them to bypass security. | Content filtering, cookie security, disable client-side scripts. | Cross Site Scripting |
| Denial of service (DoS) | An attacker uses one or more techniques to flood a host with HTTP requests, TCP connections, and/or TCP SYN signals. These use up available sockets and consume resources on the server, and can lead to a temporary but complete loss of service for legitimate users. | Watch for a multitude of TCP and HTTP requests arriving in a short time frame, especially from a single source, and close suspicious connections. Detect increased SYN signals, close half-open connections before resources are exhausted. | DoS Protection |
| HTTP header overflow | Attackers use specially crafted HTTP/HTTPS requests to target web server vulnerabilities (such as a buffer overflow) to execute malicious code, escalating to administrator privileges. | Limit the length of HTTP protocol header fields, bodies, and parameters. | HTTP Protocol Constraints |
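As an added illustration of the "detect and sanitize credit card data leaks" protection in the table (example code written for this page, not FortiWeb's own implementation): a response-body filter that finds 13 to 19 digit card-number candidates, keeps only those that pass the Luhn check, and masks all but the last four digits. The sample response body and the match range are constructed assumptions.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run (so long order or tracking IDs are skipped).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(body: str) -> list:
    """Return substrings of body that look like Luhn-valid card numbers."""
    hits = []
    for m in CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(m.group(0))
    return hits


def sanitize_response(body: str, mask_char: str = "X") -> str:
    """Mask every Luhn-valid card number in body, keeping the last 4 digits
    and the original separators; non-matching digit runs are left untouched."""
    def _mask(m):
        raw = m.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # likely an ID, not a card number: leave it
        keep_from = len(digits) - 4
        out, seen = [], 0
        for ch in raw:
            if ch.isdigit():
                seen += 1
                out.append(ch if seen > keep_from else mask_char)
            else:
                out.append(ch)
        return "".join(out)
    return CANDIDATE.sub(_mask, body)


# Constructed sample reply: one real-format test number, one Luhn-invalid ID.
SAMPLE_BODY = "Card: 4111 1111 1111 1111 Order 1234567890123456 total 12.50"
```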