Chapter 2. Service implementation and optimization 37
2.4.1 Threat protection
The list of threat protections offered by the device includes defenses against the
main techniques used by attackers to explore weaknesses found in web
applications:
XML threats
Covers XML Entity Expansion and Recursion Attacks, XML
Wellformedness-based Parser Attacks, XML Flood, XPath/XSLT Injection
Attack, XML Virus, XML Encapsulation, XML External Entity (XXE) Attack,
and so forth.
SQL injection
Protection against SQL injection codes passed through HTML forms.
Dictionary attack
Protects from automated processes using dictionaries to get into the system.
Cookie security management
Encrypts, decrypts, signs, and cookies.
Cross-site scripting
Protects against