Aimed to assist the security teams to control APIs and discover potential excessive data exposure. It generates a dynamic API endpoints catalogs
The API-WAF module protects from malicious content-based (“classical”) attacks that appear in the “OWASP Top 10”- APIs and Applications security lists. Performing in real time, the module conducts full deep packet inspection (DPI), followed by AI/ML analysis of requests and replies that are passing through, making it the ultimate first line of API protection
| Attack Type | |
|---|---|
|
A-1
|
Injection |
|
A-2
|
Broken Authentication |
|
A-3
|
Sensitive Data Exposure |
|
A-4
|
XML External Entities (XXE) |
|
A-5
|
Broken Access Control |
|
A-6
|
Broken Access Control |
|
A-7
|
Cross-Site Scripting (XSS) |
|
A-8
|
Insecure Deserialization |
|
A-9
|
Using Components with Known Vulnerabilities |
|
A-10
|
Insufficient Logging & Monitoring |
| Attack Type | |
|---|---|
|
API-1
|
Broken Object Level Authorization |
|
API-2
|
Broken User Authentication |
|
API-3
|
Excessive Data Exposure |
|
API-4
|
Lack of Resources & Rate Limiting |
|
API-5
|
Broken Function Level Authorization |
|
API-6
|
Mass Assignment |
|
API-7
|
Security Misconfiguration |
|
API-8
|
Injection |
|
API-9
|
Improper Assets Management |
|
API-10
|
Insufficient Logging & Monitoring |
| API 1,2,5,6 are crossed out as they are listed under the Business Logic (BL) type attacks | |
The API-BOT module protects APIs from business-related bot attacks as they appear in the “Automated Threats to Web Applications” list, also known as “OWASP Top 20”. The module performs real-time full deep packet inspection (DPI), followed by near real-time AI/ML analysis of the API(s) traffic, content, context, and metadata, using specific bot activity measurements that are made according to bot type activity characteristics
| Attack Type | |
|---|---|
|
OAT-1
|
Carding |
|
OAT-2
|
Token Cracking |
|
OAT-3
|
Ad Fraud |
|
OAT-4
|
Fingerprinting |
|
OAT-5
|
Scalping |
|
OAT-6
|
Expediting |
|
OAT-7
|
Credential Cracking |
|
OAT-8
|
Credential Stuffing |
|
OAT-9
|
CAPTCHA Defeat |
|
OAT-10
|
Card Cracking |
| Attack Type | |
|---|---|
|
OAT-11
|
Scraping |
|
OAT-12
|
Cashing out |
|
OAT-13
|
Sniping |
|
OAT-14
|
Vulnerability Scanning |
|
OAT-15
|
Denial of Service |
|
OAT-16
|
Skewing |
|
OAT-17
|
Spamming |
|
OAT-18
|
Footprinting |
|
OAT-19
|
Account Creation |
|
OAT-20
|
Account Aggregation |
The API-DDoS module protects from DDoS attacks tailored against specific API(s). These attacks may use camouflage techniques, such as rotating source IPs or requests content randomization while using optimization algorithms to decide on the next wave of attack. Ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI/ML analysis of the API(s) traffic in order to find exceptional API-related resource consumption within seconds
| Attack Type | |
|---|---|
|
L7D-1
|
Classical botnets flood attack |
|
L7D-2
|
Human mimicking attack |
|
L7D-3
|
AI-based optimization attack |
|
L7D-4
|
Heavy file downloads attack |
|
L7D-5
|
Rotating IP’s attack |
|
L7D-6
|
IoT source IP's / anonymous proxies attacks |
|
L7D-7
|
Multiple vectors attacking simultaneously |
|
L7D-8
|
Request content randomization attack |
|
L7D-9
|
“Out of scheme” parameters and contents attack |
|
L7D-10
|
Cache evading attack |
| Attack Type | |
|---|---|
|
L7D-11
|
Hit & run / randomly changing traffic volumes attack |
|
L7D-12
|
Baseline poisoning attack |
|
L7D-13
|
Flash crowding mimicking event attack |
|
L7D-14
|
Attack occurs through flash crowding event |
|
L7D-15
|
Asymmetric requests attack |
|
L7D-16
|
Brute force attack |
|
L7D-17
|
SlowLoris and slow-post attack |
|
L7D-18
|
Slow read attack |
|
L7D-19
|
SSL re-negotiation attack |
|
L7D-20
|
SSL session exhaustion attack |
The API-BL module protects APIs from Business Logic (BL) attacks that can lead to forbidden data or functionality access, or to abused business processes and fraud. These attacks partially appear in the “OWASP Top 10 – API security list”, while additional attack types were added by L7Defense. Ammune™ performs in-session traffic analysis to identify these attack patterns in real time, including session as well as historical data points. Together with the API-WAF module, this module completes the first line of protection
| Attack Type | |
|---|---|
|
API-1
|
Broken Object Level Authorization |
|
API-2
|
Broken User Authentication |
|
API-3
|
Excessive Data Exposure |
|
API-4
|
Lack of Resources & Rate Limiting |
|
API-5
|
Broken Function Level Authorization |
|
API-6
|
Mass Assignment |
|
API-7
|
Security Misconfiguration |
|
API-8
|
Injection |
|
API-9
|
Improper Assets Management |
|
API-10
|
Insufficient Logging & Monitoring |
| API 3,4,7,8,9,10 are crossed out as they are listed under the WAF type attacks | |
| Attack Type | |
|---|---|
|
L7B-1
|
Broken payment flow - missing bind between payment and order |
|
L7B-2
|
Broken payment flow - insufficient input validation |
|
L7B-3
|
Broken credentials restore flow |
|
L7B-4
|
Broken credentials revoke flow |
|
L7B-5
|
JWT Token tampering |
|
L7B-6
|
Insufficient 3rd party application trust |
| Those are new attack types currently not part of the OWASP list | |