What Sqreen detects and protects you from⚓ The list of attacks that Sqreen detects and blocks Application Security: How Sqreen protects my application?⚓ Unlike application security testing which only finds hypothetical vulnerabilities in code, or Web Application Firewalls (WAF) which only block attacks based on simple patterns — creating a lot of false positives — Sqreen uses the full application context to accurately block attacks in real-time. (The protection functionality can be deactivated using the monitoring-only mode.) Sqreen will block requests and not IPs or users. Sqreen can detect attackers before they attack, by watching for patterns of activity indicative that someone is casing your web application for exploitable vulnerabilities. You can see this kind of activity in your dashboard, but we won't alert you (to keep from bothering you when it's not critical). Here are the attacks that Sqreen detects and blocks: SQL Injections (SQLi) - OWASP A1 - Detected & Blocked NoSQL injections (NoSQLi) - OWASP A1 - Detected & Blocked Command Injection - OWASP A1 - Detected & Blocked Code injections - OWASP A1 - Detected & Blocked Shell injections - OWASP A1 - Detected & Blocked Cross-Site Scripting (XSS) - OWASP A3 - Detected & Blocked Usage of third-party libraries with known vulnerabilities - OWASP A9 - Detected Shellshock attacks - OWASP A9 - Detected & Blocked Web vulnerability scanners, bots, and crawlers - Detected & Blocked Peaks of HTTP errors (40x/50x) related to security - Detected Content Security Policy (CSP) violations - Detected & Blocked Security Scans, Bots and crawlers - Detected & Blocked Sqreen will link those attacks to authenticated users to allow you to detect attackers early. User Protection: How Sqreen protects my users?⚓ Your customers’ data is valuable. Protecting your customers means reacting quickly when criminals move to steal their accounts and perform fraud. Sqreen detects and notifies about attacks targeting your customers and unusual user behaviors. Here are the attacks and suspicious behaviors that Sqreen will detect: Account Takeovers - OWASP A2 Bruteforce Attacks - OWASP A2 DarkNet/TOR or VPNs connections Suspicious geo-locations IP & email reputation Simultaneous geolocations Peak of account creations Account enumerations Are attacks blocked?⚓ Yes. When an app is in protection mode, attacks are blocked in real-time. In monitoring-only mode, Sqreen will only monitor and report the attacks. What happens when Sqreen blocks an attack⚓ When an attack is detected, with protection mode enabled, by default Sqreen returns an HTTP 403 response to malicious requests. You can customize this response on a per-app basis in your app settings and check the attacks blocked by Sqreen in the dashboard. How can I enable the protection mode on my app? When an app is in protection mode, attacks are blocked in real-time. In the monitoring mode, Sqreen will only monitor and report the attacks.