Experience Center
About AppProtection Controls
All AppProtection profiles have a set of AppProtection controls that you can use to help you define how AppProtections are managed. AppProtection controls are grouped by predefined controls that come from ThreatLabZ, Open Web Application Security Project (OWASP), and WebSocket, or custom WebSocket or HTTP controls. To learn more, see About ThreatLabZ Controls, About Custom Controls and About WebSocket Controls.
AppProtection controls enhance your experience by enabling you to:
- Protect internal applications from all types of attacks in the OWASP predefined controls with SQL injection, cross-site scripting (XSS), and more.
- Understand the severity, description, and recommended default action for each type of attack related to OWASP predefined controls.
Each OWASP predefined control is identified with a unique number, defined with how the control operates, and is associated with the level of concern. The predefined controls are organized into various categories:
- Preprocessors
- Environment and Port Scanners
- Protocol Issues
- Request Smuggling or Response Split or Header Injection
- Local File Inclusion
- Remote File Inclusion
- Remote Code Execution
- PHP Injection
- Cross-Site Scripting (XSS)
- SQL Injection
- Session Fixation
- Deserialization
- Issues Anomalies
About the OWASP Predefined Controls Page
On the OWASP Predefined Controls page (Policies > Cybersecurity > Inline Security > Protection Controls > OWASP Predefined Controls), you can do the following:
- View more information about the predefined controls.
- Go to the ThreatLabZ Controls page to view the available predefined controls.
- Go to the Custom Controls page to manage your custom controls.
- Go to the WebSocket Controls page to manage your WebSocket predefined and custom controls.
- Expand all the rows in the table to see more information about each predefined control.
- Filter the information that appears in the table. By default, the version is set to OWASPP_CRS/3.3.5.
- For each predefined control type, expand to view:
- Control Number: A number identifying the predefined control. When expanded, the following information is displayed:
- Description: An explanation of how the control works.
- Paranoia Level: The associated level, which corresponds to the levels available in an AppProtection profile.
- Used in AppProtection Profiles: The AppProtection profiles using the predefined control.
- Control Name: The name of the predefined control.
- Severity: The level of severity for the control number. The severity levels are Low, Medium, High, and Critical.
- Control Action: What action occurs when the predefined control is in use.
- Control Number: A number identifying the predefined control. When expanded, the following information is displayed:
