Multi-mode matching technology:
An engine based on a signature rule set has a detection capability determined by the number of rules. Multi-mode (multi-pattern) matching technology is the key that ensures detection time does not grow linearly as the rule count increases. The core idea is to take an input of length n and a pattern set P = {p1, p2, …, pm}, build an automaton from the pattern set, and complete the matching in O(n) time.
Double engine technology:
Traditional web attack detection rules are based on regular expressions. The regular expression engine still has general advantages:
1. Rules based on regular expressions can cover the major OWASP risks without having to consider the attack scenario or language environment.
2. When an emergency vulnerability breaks out, virtual patches can be provided quickly.
By breaking the inspected data down to a finer granularity and analysing its intent, the semantic analysis engine compensates for the weaknesses of the regular expression engine in certain cases (SQL injection, cross-site scripting, etc.), increasing detection accuracy and reducing the false alarm rate.
Decode Data Encodings:
According to statistics on current network traffic, about 40% of Web traffic has undergone some type of encoding. Hackers often use encoding to bypass a WAF, so the ability to decode data correctly affects the offensive and defensive capabilities of a WAF to a certain extent. Using an idea similar to the automaton approach, the WAF implements decoding of 7 common encoding formats: url_escape, hex, unicode, xml encode, html encode, C OCT and base64. The ability to decode multiple encodings, including mixed encodings, lets the WAF defend better against bypass attacks.
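The two mechanisms described above, decoding to a fixed point and then matching the whole signature set in one pass with an Aho-Corasick automaton, combined into one added illustration (example code written for this page, not the WAF's own implementation; the signature list and request strings are constructed, and only URL-escape and HTML-entity decoding are shown):

```python
from collections import deque
from urllib.parse import unquote
import html
# Constructed signature set (lowercase); a real WAF loads thousands of rules.
SIGNATURES = ["union select", "<script", "../", "sleep("]

def normalize(data: str, max_rounds: int = 5) -> str:
    """Decode URL escapes and HTML entities until the text stops changing, so layered or mixed
    encodings (%2520, &lt;, %26lt%3B) cannot hide a signature; the round cap bounds the work."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(data))
        if decoded == data:
            break
        data = decoded
    return data.lower()

class AhoCorasick:
    """One automaton for the whole rule set: scan cost grows with input length, not rule count."""
    def __init__(self, patterns):
        self.goto, self.fail, self.out = [{}], [0], [[]]  # per-state transition/failure/output
        for p in patterns:                                # phase 1: trie of all patterns
            s = 0
            for ch in p:
                if ch not in self.goto[s]:
                    self.goto.append({}); self.fail.append(0); self.out.append([])
                    self.goto[s][ch] = len(self.goto) - 1
                s = self.goto[s][ch]
            self.out[s].append(p)
        queue = deque(self.goto[0].values())              # depth-1 states fail to the root
        while queue:                                      # phase 2: BFS for failure links
            r = queue.popleft()
            for ch, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(ch, 0)
                self.out[s] += self.out[self.fail[s]]     # inherit hits ending at shorter suffixes

    def search(self, text):
        """Return (offset, pattern) for every occurrence, in one pass over text."""
        s, hits = 0, []
        for i, ch in enumerate(text):
            while s and ch not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(ch, 0)
            hits.extend((i - len(p) + 1, p) for p in self.out[s])
        return hits

def inspect(raw_request: str, matcher=AhoCorasick(SIGNATURES)):  # automaton built once, reused
    return matcher.search(normalize(raw_request))                 # decode first, then match
```

Doubly URL-encoded "%2520UNION%2520SELECT" and entity-encoded "&lt;scr&#x69;pt&gt;" both reach the matcher as plain text, which a single-pass decoder would miss.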
In-app Update
It is an important capability for a Web Application Firewall to keep the business unaffected while tenants' policies and rules are being changed. The WAF uses a shared memory mechanism to achieve in-app updates, so tenant policies and rules can be updated quickly without affecting requests currently being processed.
CC Attack
An HTTP or HTTPS flood attack, in which hackers use proxies to generate extremely high concurrent HTTP(S) access.
Injection Attack
Hackers change the dynamically generated content of a web page by entering HTML code into an input mechanism (for example, a form field without effective validation). This attack method can be used to illegally obtain data or network resources. When a user visits a web page with a command injection vulnerability, the browser interprets the injected code, which may allow malicious commands to control the user's computer and network.
SQL Injection Attack
The attacker inserts SQL commands into the input fields of a Web form or into the query string of a page request to trick the server into executing malicious SQL commands. In some forms, the content entered by the user is used directly to construct (or influence) dynamic SQL commands, or is passed as an input parameter to a stored procedure. Such forms are particularly vulnerable to SQL injection attacks.
Cross Site Scripting (XSS)
The attacker injects malicious code into a web page, and other users execute that code when they load the page. The attacker may thereby obtain higher permissions (such as the ability to perform certain operations), private web content, sessions, messages, cookies, etc. This malicious code is usually written in JavaScript, HTML, or other client-side scripting languages.
Cross Site Request Forgery (CSRF)
The attacker forges HTTP requests of the target user and sends them to a website with a CSRF vulnerability; once the website executes the request, the cross-site request forgery attack has succeeded. The attacker uses a concealed HTTP link so that the target user clicks it without noticing.
Since the user has legitimate authority and clicks the link himself/herself, the target user ends up executing the specific HTTP request in the website that achieves the attacker's purpose. This differs from an XSS attack: XSS exploits a vulnerability to affect users of the website, and its targets are users of that same website, whereas CSRF harms the interests of the victim user in the Web system by disguising itself as the victim user and sending malicious requests.
Server-Side Request Forgery (SSRF)
An SSRF attack is one in which an attacker who has not obtained permissions on the server exploits a server vulnerability to send a crafted request, as if from the server, into the intranet. SSRF attacks usually target internal systems that cannot be reached directly from external networks.