After the normalization module the request is passed on to the Protocol Validation and Analyzer module where it is matched against the semantic rules that are generated by ontological models in the knowledge base for identifying malicious content in input validation. Protocol Validation module caters to the violation of protocol specification whereas the Analyzer handles all other web application attacks. If the input content matches any of the rules the request is blocked and a log is made for the said attack.
Also in protocol validation attacks, an attacker tries to send an abnormal request that does not follow the RFC
2616 (Hypertext, 2014) standards. HTTP response splitting and HTTP request smuggling (Testing, 2014;
OWASP, 2014) are common and
…show more content…
If the request is valid then it is further checked for other attacks, otherwise it is blocked and stored in the log with the attack type that is found in that request. In HTTP request smuggling attack, a malicious request contains multiple start lines that are not allowed in one HTTP request (violation of RFC 2616).
When the hacker tries to assign multiple start lines to one request, it will be detected by the system analyzer and reported as an HTTP request smuggling attack. A buffer overflow is the computing equivalent of trying to pour two liters of water into a one-liter pitcher, some water is going to spill out and make a mess. A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because memory is finite, a buffer 's capacity is finite. For this reason, in many programming languages the programmer must declare the buffer 's maximum size so that the compiler can set aside that amount of space.
Let us look at an example to see how buffer overflows can happen. Suppose a C language program contains the declaration:
Char sample [10];
The compiler sets aside 10 bytes to store this buffer,