Ammune’s Protection Modules

API-WAF | API-BOT | API-DDoS | API-BL

API-WAF Module

The API-WAF module protects against malicious content-based (“classical”) attacks that appear in the “OWASP Top 10” security lists for APIs and applications. Operating in real time, the module conducts full deep packet inspection (DPI), followed by AI/ML analysis of the requests and replies passing through it, making it the ultimate first line of API protection.

“OWASP Top 10 Web Application Security Risks”

ID      Attack Type
A-1     Injection
A-2     Broken Authentication
A-3     Sensitive Data Exposure
A-4     XML External Entities (XXE)
A-5     Broken Access Control
A-6     Broken Access Control
A-7     Cross-Site Scripting (XSS)
A-8     Insecure Deserialization
A-9     Using Components with Known Vulnerabilities
A-10    Insufficient Logging & Monitoring

“OWASP Top 10 API Security Risks”

ID      Attack Type
API-1   Broken Object Level Authorization
API-2   Broken User Authentication
API-3   Excessive Data Exposure
API-4   Lack of Resources & Rate Limiting
API-5   Broken Function Level Authorization
API-6   Mass Assignment
API-7   Security Misconfiguration
API-8   Injection
API-9   Improper Assets Management
API-10  Insufficient Logging & Monitoring
API-1, API-2, API-5 and API-6 are crossed out because they are listed under the Business Logic (BL) type attacks.

API-BOT Module

The API-BOT module protects APIs from business-related bot attacks as they appear in the “Automated Threats to Web Applications” list, also known as the “OWASP Top 20”. The module performs real-time full deep packet inspection (DPI), followed by near real-time AI/ML analysis of the API(s) traffic, content, context, and metadata, using bot activity measurements tailored to the activity characteristics of each bot type.

“OWASP Top 20 Automated Threats to Web Applications”

ID      Attack Type
OAT-1   Carding
OAT-2   Token Cracking
OAT-3   Ad Fraud
OAT-4   Fingerprinting
OAT-5   Scalping
OAT-6   Expediting
OAT-7   Credential Cracking
OAT-8   Credential Stuffing
OAT-9   CAPTCHA Defeat
OAT-10  Card Cracking
OAT-11  Scraping
OAT-12  Cashing out
OAT-13  Sniping
OAT-14  Vulnerability Scanning
OAT-15  Denial of Service
OAT-16  Skewing
OAT-17  Spamming
OAT-18  Footprinting
OAT-19  Account Creation
OAT-20  Account Aggregation

API-DDoS Module

The API-DDoS module protects against DDoS attacks tailored to specific API(s). These attacks may use camouflage techniques, such as rotating source IPs or request content randomization, while using optimization algorithms to decide on the next wave of attack. The Ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI/ML analysis of the API(s) traffic, in order to find exceptional API-related resource consumption within seconds.

“Top API-DDoS Security Risks (HTTP/s)”

ID      Attack Type
L7D-1   Classical botnets flood attack
L7D-2   Human mimicking attack
L7D-3   AI-based optimization attack
L7D-4   Heavy file downloads attack
L7D-5   Rotating IPs attack
L7D-6   IoT source IPs / anonymous proxies attacks
L7D-7   Multiple vectors attacking simultaneously
L7D-8   Request content randomization attack
L7D-9   “Out of scheme” parameters and contents attack
L7D-10  Cache evading attack
L7D-11  Hit & run / randomly changing traffic volumes attack
L7D-12  Baseline poisoning attack
L7D-13  Flash crowding mimicking event attack
L7D-14  Attack occurs through flash crowding event
L7D-15  Asymmetric requests attack
L7D-16  Brute force attack
L7D-17  SlowLoris and slow-post attack
L7D-18  Slow read attack
L7D-19  SSL re-negotiation attack
L7D-20  SSL session exhaustion attack

API-BL Module

The API-BL module protects APIs from Business Logic (BL) attacks that can lead to access to forbidden data or functionality, or to abused business processes and fraud. Some of these attacks appear in the “OWASP Top 10 – API security list”, while additional attack types were added by L7Defense. Ammune™ performs in-session traffic analysis to identify these attack patterns in real time, using both session and historical data points. Together with the API-WAF module, this module completes the first line of protection.

“OWASP Top 10 API Security Risks”

ID      Attack Type
API-1   Broken Object Level Authorization
API-2   Broken User Authentication
API-3   Excessive Data Exposure
API-4   Lack of Resources & Rate Limiting
API-5   Broken Function Level Authorization
API-6   Mass Assignment
API-7   Security Misconfiguration
API-8   Injection
API-9   Improper Assets Management
API-10  Insufficient Logging & Monitoring
API-3, API-4, API-7, API-8, API-9 and API-10 are crossed out because they are listed under the WAF type attacks.

More API Security Risks

ID      Attack Type
L7B-1   Broken payment flow - missing bind between payment and order
L7B-2   Broken payment flow - insufficient input validation
L7B-3   Broken credentials restore flow
L7B-4   Broken credentials revoke flow
L7B-5   JWT Token tampering
L7B-6   Insufficient 3rd party application trust
These are new attack types that are currently not part of the OWASP list.