What Sqreen detects and protects you from

Vulnerabilities

Injections (OWASP A1)

Sqreen can detect and prevent the execution of the most critical injection-based vulnerabilities.

  • SQL injection (SQLi).
  • NoSQL injection (NoSQLi).
  • Command injection.
  • Local File Inclusion (LFI).

Cross-site scripting - XSS (OWASP A3)

Sqreen can detect and prevent the execution of reflected XSS on the server side.

On top of that, Sqreen can help you craft and deploy a Content Security Policy (CSP) and set the X-XSS-Protection browser header.

Components with known vulnerabilities (OWASP A9)

Sqreen can alert you when the libraries used by the application contain known vulnerabilities.

Additionally, Sqreen can detect and block Shellshock-based attacks.

Client-side (browser)

Sqreen enables you to set up various browser security headers, covering the following vulnerabilities:

  • Clickjacking (X-Frame-Options)
  • MIME sniffing (Mime-content-type)

Attacks targeting users (OWASP A2)

Account takeovers

Sqreen can detect and block account takeover attacks performed using brute force or credential stuffing.

Account farming

Sqreen can detect and block IPs creating too many accounts at once. Those accounts are often used for fraudulent purposes like phishing, posting fraudulent content, and so on.

Suspicious activities

Sqreen can detect the following suspicious activities performed by the application's users:

  • DarkNet/Tor or VPN connections.
  • Suspicious geo-locations.
  • IP & email reputation.
  • Simultaneous locations.