
Enabling Code Protection


Code Protection utilizes IMMUNIO sensors inside the application to monitor and secure critical elements of the web application and ensure integrity of code and user accounts. The Code Protection feature includes a set of sensors, threat indicators and dashboards.

## Scope

The Code Protection feature includes the following threats:

* [Cross-Site Scripting (XSS)](doc:cross-site-scripting-xss)
* [SQL Injection](doc:sql-injection-sqli)
* [Open Redirect](doc:open-redirect)
* [Unauthorized File Access](doc:unauthorized-file-access)
* [Remote Command Execution](doc:remote-command-execution)
* [HTTP Response Splitting](doc:http-response-splitting)

## Enabling Code Protection

When you add your first application, Code Protection features are inactive. You can enable these features individually in the Application Settings, as shown below:

![code protection 1.jpg](https://files.readme.io/55e7bef-code_protection_1.jpg)

Upon requesting activation, the dashboard will first initiate a request with the IMMUNIO Customer Success team, and a member of that team will contact you to begin sending valid requests to the application.

> **IMPORTANT**
>
> During Analysis Mode, your agent is learning everything it can about your application. It's vital that you exercise every part of the app that IMMUNIO will protect by sending only valid requests.
>
> **Do not begin penetration testing or vulnerability scanning until Analysis Mode is complete.**

## Creating A Baseline

Before you can enable IMMUNIO’s Code Protection features, the agent needs to learn how your application functions and create a baseline of normal execution behaviors. During the Analysis Mode phase, you’ll want to exercise every part of the application as you would expect users to access it. The agent creates a baseline of these behaviors and execution paths, which it will later use to differentiate between normal and malicious requests.

Typical ways of sending legitimate requests to an application include:

* Running a full cycle of functional tests.
* Running in a test or staging environment for a specific period of time prior to proceeding to deployment in production.
* Manual tests of frequent user scenarios.
  * When doing manual testing, please make sure to:
    * Log into the application with each different user class, from guest accounts up to admin-level.
    * Use all of the application's functionality, including those features not frequently used.

> If you do not exercise all features of your application during Analysis Mode, IMMUNIO will learn the first successful request to that feature and use it as the baseline for that execution path, and may require additional tuning.

Once you are confident you've thoroughly exercised your application, please contact IMMUNIO's Customer Success team to exit Analysis Mode.

## Configuring Code Protection

Once Analysis Mode is complete, all Code Protection features will become available to you on the Settings page.

![code protection 2.jpg](https://files.readme.io/e3311bb-code_protection_2.jpg)

> By default, all Code Protection features are set to Disable upon completion of Analysis Mode. You'll need to configure them yourself as desired.

You can configure each of the threats to report deviations from normal operation (Detect), or to prevent exploitation of detected vulnerabilities by performing protective actions (Escaping, or Blocking). We recommend a short period in Detect mode prior to enabling protections to ensure all expected behavior was properly recorded.

## Tuning Code Protection

In most cases, the baseline recorded during Analysis Mode will produce accurate threat reporting. In some cases, however, IMMUNIO may register some valid payloads as threats. Should IMMUNIO produce unexpected threat reports, we provide a variety of tuning options in the associated Code Protection dashboards to help improve the solution's accuracy. Please refer to the appropriate section of this guide for the reported vulnerability you are concerned about.