Application layer attacks use a variety of means to attack Web sites and the servers and databases that support them, with results ranging from data breaches and defacements to diminished site performance. Three primary types of application layer attacks are SQL Injection, Cross-Site Scripting and Remote File Inclusion.
Distributed Denial of Service (DDoS) attacks saturate network bandwidth or overload servers to make the service unavailable to its intended users. Common techniques include using bots to send millions of TCP or UDP packets or bombarding resource-intensive pages with HTTP requests.
What web application protections do you employ? (Check all that apply)
For applications that are hosted on cloud platforms (e.g. AWS or Azure), how would you protect against a sophisticated, layer 7 DDoS attack?
Do you employ any protection to defend API endpoints from DDoS attacks or overconsumption of API resources by known third parties?
Which of these solutions do you use against DDoS attacks? (Check all that apply)
Does your web hosting infrastructure have protection against DDoS attacks of?
Bots are automated software programs that interact with websites. Leading web security research finds bot traffic can represent up to 60% of overall web traffic, but only 28% of all bot traffic is declared. This includes both good bots engaging in essential business tasks, such as search engine indexers, and bad bots performing harmful activities, such as price and content scraping. One of the most harmful and costly activities these malicious bots engage in is credential stuffing, which can affect any organization with a login page on its website.
Remote access refers to the ability to access a computer, such as a home computer or an office network computer, from a remote location. This allows employees to work offsite, such as at home or in another location, while still having access to a distant computer or network, such as the office network. Remote access can be set up using a local area network (LAN), wide area network (WAN) or even a virtual private network (VPN) so that resources and systems can be accessed remotely.
Have you built controls to mitigate account takeover, account scraping, or credential stuffing attacks against your web properties?
How do you currently provide remote users such as employees, contractors and vendors with access to behind-the-firewall applications in your data center or cloud environments? (Check all that apply)