API Security Events Classification

API Security Events Classification

May 15, 2024 | NSFOCUS

The risk levels of API security events for NSFOCUS WAF version 6080 are categorized as follows:

:Low Risk Events

:Medium Risk Events

:High Risk Events

API Security Event Types:

Event TypeDescription
AbuseAttacks covered include JavaScript-related, account takeover, and CSRF.
Sensitive Data ExposureAttacks covered include sensitive information leakage, anti-crawling, information leakage prevention, and illegal downloading.
Lack of Rate LimitingAttacks covered include brute force attacks and scan protection.
API Protocol ViolationAttacks covered include HTTP protocol validation and XML protocol validation.
MisconfigurationAttacks covered include Web server/plugin protection.
InjectionAttacks covered include general Web protection, semantic analysis engine, and energy absorption.
Improper Asset ManagementAttacks covered include shadow APIs.
Custom PoliciesAttacks covered include user-defined policies.
Compliance VerificationAttacks covered include compliance policies.