Normalization is the preprocessing step performed by Web Application Firewalls (WAFs) to decode and transform incoming HTTP requests before applying security logic like signature inspection or rule-based checks. Attackers often…

Entity AV Type Risk Detection Type Example Param Value SQLi Specific Signature id=1' or '1'='1 matches CVE signature Header Value RFI General Meta Characters User-Agent: php://input with path traversal marker…

Code Name Focus Used In E1 Request Input Entities User input, payload Signatures, Restrictions E2 Source & Frequency IP, Geo, Sessions, RPS Anomalies, Rate Limiting E3 Protocol & RFC Behavior…

Pattern matching is a fundamental concept in computer science involving checking a sequence of tokens or data against a defined pattern, and potentially extracting data from it. It’s a more…

D1. Signatures – Exploit Detection Based on Patterns and Payloads ID Name Description / Sub-elements S1 RCE AV Remote Command Execution detection via signature matching. S2 SQLi SQL Injection detection.…

Injection Attacks SQL Injection (SQLi) OS Command Injection (RCE) XML External Entity (XXE) Server-Side Template Injection (SSTI) LDAP Injection Expression Language Injection (EL Injection) Cross-Site Attacks Cross-Site Scripting (XSS) –…