What Sqreen detects and protects you from

Below, you'll find an exhaustive list of attacks that Sqreen blocks and detects.

In-app protection

Unlike application security testing, which only finds hypothetical vulnerabilities in code, or Web Application Firewalls (WAFs), which only block attacks based on simple patterns — creating a lot of false positives — Sqreen uses the full application context to accurately block attacks in real time. (Protection can be deactivated using the monitoring-only mode.) Sqreen blocks individual requests, not IPs or users.

Sqreen can detect attackers before they attack by watching for patterns of activity indicating that someone is casing your web application for exploitable vulnerabilities. You can see this kind of activity in your dashboard, but we won't alert you about it (to avoid bothering you when it's not critical).

Here are the attacks that Sqreen detects and blocks:

  • SQL Injections (SQLi) - OWASP A1 - Detected & Blocked
  • NoSQL injections (NoSQLi) - OWASP A1 - Detected & Blocked
  • Command Injection - OWASP A1 - Detected & Blocked
  • Code injections - OWASP A1 - Detected & Blocked
  • Shell injections - OWASP A1 - Detected & Blocked
  • Cross-Site Scripting (XSS) - OWASP A3 - Detected & Blocked
  • Usage of third-party libraries with known vulnerabilities - OWASP A9 - Detected
  • Shellshock attacks - OWASP A9 - Detected & Blocked
  • Web vulnerability scanners, bots, and crawlers - Detected & Blocked
  • Peaks of HTTP errors (40x/50x) related to security - Detected
  • Content Security Policy (CSP) violations - Detected & Blocked
  • Security Scans, Bots and crawlers - Detected & Blocked
  • Local File Inclusion - Detected & Blocked

Sqreen will link those attacks to authenticated users to allow you to detect attackers early.

How does Sqreen protect my users?

Your customers’ data is valuable. Protecting your customers means reacting quickly when criminals move to steal their accounts and perform fraud. Sqreen detects and notifies about attacks targeting your customers and unusual user behaviors.

Here are the attacks and suspicious behaviors that Sqreen will detect:

  • Account Takeovers - OWASP A2
  • Bruteforce Attacks - OWASP A2
  • DarkNet/TOR or VPN connections
  • Suspicious geo-locations
  • IP & email reputation
  • Simultaneous geolocations
  • Peak of account creations
  • Account enumerations

Getting the most out of modern browsers' protection

Sqreen can enable security headers in your application in just 1 click. You can enable or disable those headers at any time in each of your apps. Visit the App Protection page to manage those browser directives.


XSS Protection (X-XSS-Protection)

Cross-site scripting (XSS) is one of the most common and dangerous types of attack on the web: it is often used to inject malicious code into your app to extract data about a logged-in user, or to take advantage of that user's privileges to perform actions not available by default. Setting the X-XSS-Protection header allows modern browsers to block reflected XSS attacks.

Clickjacking protection (X-Frame-Options)

Setting an X-Frame-Options header in your application protects it from someone wrapping your site in a page they control and displaying your page in an iframe. This lets attackers trick your users into clicking on some part of your website while it is hidden in an iframe (these are known as clickjacking attacks). You can either completely block rendering of your site inside a frame by setting this header to DENY, allow it to be rendered only by pages from the same origin with SAMEORIGIN, or specify a list of whitelisted domains with ALLOW-FROM.

MIME sniffing protection (X-Content-Type-Options)

Some browsers guess the type of a file being transferred by default. This allows the browser to render an HTML file if the content looks right, even if the server says the file is plain text, which can be used as a vector for running untrusted JavaScript code. Setting the X-Content-Type-Options header to nosniff forces browsers to respect the file type specified by the server.

Content Security Policy (CSP)

Content Security Policy takes a little effort to implement. A Content Security Policy (CSP) header lists all the authorized domains and resources your app is allowed to use. So if a user loads a page into which an attacker has injected a malicious resource, the browser will load your page but prevent the attacker's resource from loading. One side effect of using this header is that when you add new assets to your application, you need to update your Content Security Policy accordingly.

Sqreen helps you build a robust policy faster by recording the domains that load assets, pre-filtering the non-legitimate ones and leaving you the final decision on which ones to trust.

Visit the App Protection page to enable monitoring mode and let Sqreen learn from your traffic. You can also read more about CSP in this post.
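As an added example of the record, pre-filter and decide workflow described above (this is illustrative code, not Sqreen's own), the following Python routine aggregates browser CSP violation reports into per-directive source counts, turns origins you have already marked as trusted into policy additions, leaves the rest for manual review, and renders the resulting header value. The sample reports and the TRUSTED set are constructed for the example.

```python
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed CSP violation reports, trimmed to the "csp-report" fields this
# example uses; sample data for the example, not real Sqreen output.
SAMPLE_REPORTS = [
    {"csp-report": {"violated-directive": "script-src", "blocked-uri": "https://cdn.example.com/app.js"}},
    {"csp-report": {"violated-directive": "script-src-elem", "blocked-uri": "https://cdn.example.com/vendor.js"}},
    {"csp-report": {"violated-directive": "img-src", "blocked-uri": "https://images.example.com/avatar.png"}},
    {"csp-report": {"violated-directive": "script-src", "blocked-uri": "https://unknown.example.net/track.js"}},
    {"csp-report": {"violated-directive": "script-src", "blocked-uri": "inline"}},
]
# Origins you have already decided to trust (an assumption made for the example).
TRUSTED = {"https://cdn.example.com", "https://images.example.com"}

def source_of(blocked_uri):
    """Reduce a blocked-uri to a CSP source expression: the origin for http(s)
    URLs, otherwise the bare keyword browsers report ('inline', 'eval')."""
    p = urlparse(blocked_uri)
    if p.scheme in ("http", "https") and p.netloc:
        return f"{p.scheme}://{p.netloc}"
    return blocked_uri or "unknown"

def aggregate(reports):
    """Count blocked sources per directive (the 'record the domains loading
    assets' step); 'script-src-elem' and similar fold into 'script-src'."""
    counts = defaultdict(Counter)
    for report in reports:
        body = report["csp-report"]
        directive = body["violated-directive"].split()[0]
        base = "-".join(directive.split("-")[:2])
        counts[base][source_of(body["blocked-uri"])] += 1
    return counts

def triage(counts, trusted):
    """Pre-filter: trusted origins become policy additions, 'inline'/'eval' are
    never auto-added, and unknown origins are left for your manual decision."""
    additions, review = defaultdict(list), defaultdict(list)
    for directive, sources in counts.items():
        for src, n in sources.most_common():
            if src in trusted:
                additions[directive].append(src)
            elif src not in ("inline", "eval"):
                review[directive].append((src, n))
    return additions, review

def build_policy(additions):
    """Render a header value from 'self' plus the accepted origins per directive."""
    parts = [f"{d} 'self' {' '.join(additions[d])}" for d in sorted(additions)]
    return "; ".join(["default-src 'self'"] + parts)
```

Running `triage(aggregate(SAMPLE_REPORTS), TRUSTED)` adds the two trusted origins and leaves `https://unknown.example.net` in the review list, while the inline script is never whitelisted automatically.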


Coming soon...

Our team is currently qualifying new security headers that will be available soon. Please check our changelog regularly to be notified about new features.

If you're using cookies to store session or authentication information to keep users logged into your site, there are a couple of tricks to improve your security. Two cookie attributes protect you from attackers reading cookies in different places:

  • HttpOnly forbids JavaScript from accessing cookies, which prevents an XSS attack from sending your user's cookies to the attacker.

  • Secure only allows cookies to be transferred over an HTTPS connection and not over HTTP, so an attacker with access to your network won't be able to read unencrypted cookies.
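The following added Python example (illustrative code, not Sqreen's) audits a response's headers for the browser protections described in this section (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, CSP) and for the HttpOnly and Secure cookie attributes above, returning a list of findings. The two header sets are constructed samples, and multiple Set-Cookie headers are modelled as a list of values.

```python
# Constructed response header sets for the example: one hardened, one weak.
# Multiple Set-Cookie headers are modelled as a list of values.
HARDENED = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'",
    "Set-Cookie": ["session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"],
}
WEAK = {
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOW-FROM https://partner.example.com",
    "Set-Cookie": ["session=abc123; Path=/", "theme=dark; Path=/"],
}

def cookie_findings(set_cookie_values):
    """Flag every cookie that lacks the HttpOnly or Secure attribute."""
    findings = []
    for raw in set_cookie_values:
        name = raw.split("=", 1)[0].strip()
        # Attribute names after the first ';' are case-insensitive.
        attrs = {a.strip().split("=")[0].lower() for a in raw.split(";")[1:]}
        for required in ("httponly", "secure"):
            if required not in attrs:
                findings.append(f"cookie {name!r} lacks {required}")
    return findings

def audit_headers(headers):
    """Return findings for missing or weak browser security headers.
    Header names are compared case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN"):
        # ALLOW-FROM is obsolete and ignored by current browsers; use the CSP
        # frame-ancestors directive when you need a list of allowed framers.
        findings.append(f"X-Frame-Options missing or weak: {xfo or 'absent'}")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if "x-xss-protection" not in h:
        findings.append("X-XSS-Protection absent")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy absent")
    return findings + cookie_findings(h.get("set-cookie", []))

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_headers(hdrs) or ["no findings"])
```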

Are attacks blocked?

  • When an app is in protection mode, attacks are blocked in real-time.
  • In monitoring-only mode, Sqreen will only monitor and report the attacks.

What happens when Sqreen blocks an attack

When an attack is detected with protection mode enabled, Sqreen by default returns an HTTP 403 response to the malicious request. You can customize this response per app in your app settings and review the attacks blocked by Sqreen in the dashboard.