What Sqreen detects and protects you from

The list of attacks that Sqreen detects and blocks


Application Security: How does Sqreen protect my application?

Unlike application security testing, which only finds hypothetical vulnerabilities in code, or Web Application Firewalls (WAFs), which block attacks based only on simple patterns and so create a lot of false positives, Sqreen uses the full application context to accurately block attacks in real time. (The protection functionality can be deactivated using the monitoring-only mode.) Sqreen blocks requests, not IPs or users.

Sqreen can detect attackers before they attack by watching for patterns of activity indicating that someone is casing your web application for exploitable vulnerabilities. You can see this kind of activity in your dashboard, but we won't alert you (to avoid bothering you when it's not critical).

Here are the attacks that Sqreen detects and blocks:

  • SQL Injections (SQLi) - OWASP A1 - Detected & Blocked
  • NoSQL injections (NoSQLi) - OWASP A1 - Detected & Blocked
  • Command Injection - OWASP A1 - Detected & Blocked
  • Code injections - OWASP A1 - Detected & Blocked
  • Shell injections - OWASP A1 - Detected & Blocked
  • Cross-Site Scripting (XSS) - OWASP A3 - Detected & Blocked
  • Usage of third-party libraries with known vulnerabilities - OWASP A9 - Detected
  • Shellshock attacks - OWASP A9 - Detected & Blocked
  • Web vulnerability scanners, bots, and crawlers - Detected & Blocked
  • Peaks of HTTP errors (40x/50x) related to security - Detected
  • Content Security Policy (CSP) violations - Detected & Blocked
  • Security Scans, Bots and crawlers - Detected & Blocked

Sqreen will link those attacks to authenticated users to allow you to detect attackers early.

User Protection: How does Sqreen protect my users?

Your customers’ data is valuable. Protecting your customers means reacting quickly when criminals move to steal their accounts and commit fraud. Sqreen detects attacks targeting your customers and unusual user behaviors, and notifies you about them.

Here are the attacks and suspicious behaviors that Sqreen will detect:

  • Account Takeovers - OWASP A2
  • Bruteforce Attacks - OWASP A2
  • DarkNet/TOR or VPN connections
  • Suspicious geo-locations
  • IP & email reputation
  • Simultaneous geolocations
  • Peak of account creations
  • Account enumerations

Are attacks blocked?

Yes.

  • When an app is in protection mode, attacks are blocked in real-time.
  • In monitoring-only mode, Sqreen will only monitor and report the attacks.

What happens when Sqreen blocks an attack

When an attack is detected with protection mode enabled, Sqreen by default returns an HTTP 403 response to the malicious request. You can customize this response on a per-app basis in your app settings and check the attacks blocked by Sqreen in the dashboard.

How can I enable the protection mode on my app?

When an app is in protection mode, attacks are blocked in real time. In monitoring-only mode, Sqreen will only monitor and report the attacks.