Ammune’s Protection Modules

API-WAF Module

The API-WAF module protects against malicious content-based (“classical”) attacks that appear in the “OWASP Top 10” security lists for APIs and applications. Operating in real time, the module performs full deep packet inspection (DPI), followed by AI/ML analysis of the requests and replies passing through it, making it the ultimate first line of API protection.

“OWASP Top 10 Web Application Security Risks”

#Attack Type
A-1 Injection
A-2 Broken Authentication
A-3 Sensitive Data Exposure
A-4 XML External Entities (XXE)
A-5 Broken Access Control
A-6 Security Misconfiguration
A-7 Cross-Site Scripting (XSS)
A-8 Insecure Deserialization
A-9 Using Components with Known Vulnerabilities
A-10 Insufficient Logging & Monitoring

“OWASP Top 10 API Security Risks”

#Attack Type
API-1 Broken Object Level Authorization
API-2 Broken User Authentication
API-3 Excessive Data Exposure
API-4 Lack of Resources & Rate Limiting
API-5 Broken Function Level Authorization
API-6 Mass Assignment
API-7 Security Misconfiguration
API-8 Injection
API-9 Improper Assets Management
API-10 Insufficient Logging & Monitoring
API-1, API-2, API-5 and API-6 are crossed out because they are listed under the Business Logic (BL) type attacks.

API-BL Module

The API-BL module protects APIs from Business Logic (BL) attacks that can lead to forbidden data or functionality access, or to abused business processes and fraud. Some of these attacks appear in the “OWASP Top 10 – API security list”, while additional attack types were added by L7Defense. Ammune™ performs in-session traffic analysis to identify these attack patterns in real time, using both session and historical data points. Together with the API-WAF module, this module completes the first line of protection.

“OWASP Top 10 API Security Risks”

#Attack Type
API-1 Broken Object Level Authorization
API-2 Broken User Authentication
API-3 Excessive Data Exposure
API-4 Lack of Resources & Rate Limiting
API-5 Broken Function Level Authorization
API-6 Mass Assignment
API-7 Security Misconfiguration
API-8 Injection
API-9 Improper Assets Management
API-10 Insufficient Logging & Monitoring
API-3, API-4, API-7, API-8, API-9 and API-10 are crossed out because they are listed under the WAF type attacks.

More API Security Risks

#Attack Type
L7B-1 Broken payment flow - missing bind between payment and order
L7B-2 Broken payment flow - insufficient input validation
L7B-3 Broken credentials restore flow
L7B-4 Broken credentials revoke flow
L7B-5 JWT Token tampering
L7B-6 Insufficient 3rd party application trust
These are new attack types that are currently not part of the OWASP list.

API-BOT Module

The API-BOT module protects APIs from business-related bot attacks as they appear in the “Automated Threats to Web Applications” list, also known as “OWASP Top 20”. The module performs real-time full deep packet inspection (DPI), followed by near real-time AI/ML analysis of the API traffic, content, context, and metadata, using bot activity measurements chosen according to the activity characteristics of each bot type.

“OWASP Top 20 Automated Threats to Web Applications”

#Attack type
OAT-1 Carding
OAT-2 Token Cracking
OAT-3 Ad Fraud
OAT-4 Fingerprinting
OAT-5 Scalping
OAT-6 Expediting
OAT-7 Credential Cracking
OAT-8 Credential Stuffing
OAT-9 CAPTCHA Defeat
OAT-10 Card Cracking
OAT-11 Scraping
OAT-12 Cashing out
OAT-13 Sniping
OAT-14 Vulnerability Scanning
OAT-15 Denial of Service
OAT-16 Skewing
OAT-17 Spamming
OAT-18 Footprinting
OAT-19 Account Creation
OAT-20 Account Aggregation

API-DDoS Module

The API-DDoS module protects against DDoS attacks tailored to specific APIs. These attacks may use camouflage techniques, such as rotating source IPs or request content randomization, while using optimization algorithms to decide on the next wave of attack. The Ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI/ML analysis of the API traffic, in order to find exceptional API-related resource consumption within seconds.

Top API-DDoS Security Risks (HTTP/s)

#Attack type
L7D-1 Classical botnets flood attack
L7D-2 Human mimicking attack
L7D-3 AI-based optimization attack
L7D-4 Heavy file downloads attack
L7D-5 Rotating IPs attack
L7D-6 IoT source IPs / anonymous proxies attacks
L7D-7 Multiple vectors attacking simultaneously
L7D-8 Request content randomization attack
L7D-9 “Out of scheme” parameters and contents attack
L7D-10 Cache evading attack
L7D-11 Hit & run / randomly changing traffic volumes attack
L7D-12 Baseline poisoning attack
L7D-13 Flash crowding mimicking event attack
L7D-14 Attack occurs through flash crowding event
L7D-15 Asymmetric requests attack
L7D-16 Brute force attack
L7D-17 SlowLoris and slow-post attack
L7D-18 Slow read attack
L7D-19 SSL re-negotiation attack
L7D-20 SSL session exhaustion attack