Cortex Xpanse has attack surface rules that detect potential security risks on your websites.
Cortex Xpanse offers two categories of attack surface rules to create alerts on websites:
Web Security Assessments—Includes three attack surface rules (described in Table 1, “Attack Surface Rules for Websites”, below) that detect failures of website security best practices. These are the same best practices assessed in the Security Best Practices Analysis section of a website's details page in the Asset Inventory.
Web Technology CVE Inferences—Includes four attack surface rules (described in Table 1, “Attack Surface Rules for Websites”, below) that flag web technologies whose inferred CVEs are both high-confidence matches and high severity.
Tip
An important benefit of these attack surface rules is that, when they are enabled, Xpanse creates an alert for any new CVE that matches these criteria. This means you are notified immediately about zero-day vulnerabilities that are an exact version match.
Table 1. Attack Surface Rules for Websites

| Attack Surface Rule Category | Attack Surface Rule | Description |
|---|---|---|
| Web Security Assessments | Insecure Communication Protocol | Triggers an alert when HTTPS is configured and the Protocol Downgrade or HTTP Strict-Transport-Security assessment fails. |
| Web Security Assessments | Insecure Content Security | Detects whether elements on a webpage are not configured correctly. Examples of content security issues include: |
| Web Security Assessments | Misconfigured Cross-Site Protections | Cross-site scripting (XSS) is one of the most common attacks against websites, enabling attackers to manipulate data on a webpage or exfiltrate data from users. In response, websites can be equipped with various HTTP headers to mitigate certain attacks. This policy detects the absence or misconfiguration of these security settings, including: |
| Web Technology CVE Inferences | Insecure Security and Infrastructure Technologies | Flags security and infrastructure technologies with a CPE that correlates to a high-severity CVE, for example a GitLab instance or Bitbucket server with a CVE. |
| Web Technology CVE Inferences | Insecure Web Applications | Flags web applications with a CPE that correlates to a high-severity CVE, typically server-side software such as WordPress. |
| Web Technology CVE Inferences | Insecure Web Frameworks and Libraries | Flags web frameworks and libraries with a CPE that correlates to a high-severity CVE. Examples of a web framework include ThinkPHP and Ruby on Rails; examples of a library include React and jQuery. |
| Web Technology CVE Inferences | Insecure Web Server Technologies | Flags web server technologies with a CPE that correlates to a high-severity CVE, for example JBoss Application Server, IIS, Apache, or nginx. |
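To see how the Insecure Communication Protocol and Misconfigured Cross-Site Protections rules map observed response headers to alerts, here is an added example that approximates those assessments offline; it is not Xpanse code, and the header names, the HSTS max-age threshold and the sample headers are assumptions, since the page does not list them.

```python
from typing import Dict, List, Optional, Tuple

# Assumed threshold for an acceptable HSTS max-age (180 days); Xpanse's own value is not on the page.
MIN_HSTS_MAX_AGE = 180 * 24 * 3600


def parse_hsts(value: str) -> Tuple[Optional[int], bool]:
    """Parse a Strict-Transport-Security value into (max-age or None, includeSubDomains flag)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.lower() == "max-age" and val.strip('" ').isdigit():
            max_age = int(val.strip('" '))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def assess_site(https_configured: bool, http_redirects_to_https: bool,
                headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each rule name to the assessments that failed for one observed response (empty = no alert)."""
    h = {k.lower(): v for k, v in headers.items()}
    comms, xsite = [], []
    if https_configured:  # the communication rule only applies once HTTPS is configured
        if not http_redirects_to_https:
            comms.append("Protocol Downgrade: plain HTTP is served without redirecting to HTTPS")
        hsts = h.get("strict-transport-security")
        max_age = parse_hsts(hsts)[0] if hsts is not None else None
        if hsts is None:
            comms.append("HSTS: header missing")
        elif max_age is None or max_age < MIN_HSTS_MAX_AGE:
            comms.append("HSTS: max-age missing or shorter than %d seconds" % MIN_HSTS_MAX_AGE)
    # Assumed set of cross-site protection headers; the page does not enumerate them.
    if "content-security-policy" not in h:
        xsite.append("Content-Security-Policy header missing")
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        xsite.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        xsite.append("X-Content-Type-Options is not 'nosniff'")
    return {"Insecure Communication Protocol": comms, "Misconfigured Cross-Site Protections": xsite}


# Constructed sample response headers, as a scanner might record them for an HTTPS site.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for rule, failed in assess_site(True, True, SAMPLE_HEADERS).items():
        print(rule, "-> would alert" if failed else "-> no alert", failed)
```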