Security modules

Start securing your web apps with our pre-configured security modules

SQL injection

SQL injection is one of the most common attacks on web applications. In this attack, attackers craft input that changes the structure of a SQL statement so that it extracts data, deletes data or bypasses authentication, letting them log in as other users.

Needle.sh detects SQL injection attempts at runtime by inspecting the SQL queries your web application is about to execute and comparing them with the user input of the current request: input that alters the structure of a query, rather than appearing as a single value inside it, is treated as an injection.
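The comparison works like this, as an added illustration that is not Needle.sh's own code: tokenize the final query string, locate each user-supplied value in it, and flag a value whose occurrence spans more than one SQL token. A correctly escaped value always stays inside one string or number literal; `' OR '1'='1` spills across several tokens. The tiny grammar, the function names and the sample queries are all assumptions made for the example.

```python
import re

# Token classes, tried in this order at each position. The grammar is deliberately
# small: this is an added illustration of the structure-comparison idea, not a
# full SQL parser.
_TOKEN_RE = re.compile(
    r"""
    (?P<string>'(?:[^']|'')*')            # single-quoted literal; '' is an escaped quote
  | (?P<comment>--[^\n]*|/\*.*?\*/)       # line and block comments
  | (?P<number>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|[=<>+\-*/,();.])
  | (?P<space>\s+)
    """,
    re.VERBOSE | re.DOTALL,
)


def tokenize(sql):
    """Return (kind, text, start, end) for every token in sql, treating any
    character the grammar does not know as its own 'other' token."""
    tokens = []
    pos = 0
    for m in _TOKEN_RE.finditer(sql):
        if m.start() != pos:
            tokens.append(("other", sql[pos:m.start()], pos, m.start()))
        tokens.append((m.lastgroup, m.group(), m.start(), m.end()))
        pos = m.end()
    if pos != len(sql):
        tokens.append(("other", sql[pos:], pos, len(sql)))
    return tokens


def detect_sqli(sql, user_values):
    """Return the first user value that, where it appears in the final query,
    spans more than one SQL token (so it changed the query's structure), or
    None when every value is confined to a single literal."""
    tokens = [t for t in tokenize(sql) if t[0] != "space"]
    for value in user_values:
        value = str(value)
        if not value.strip():
            continue
        # The value may appear as typed, or with quotes doubled by a correct escaper.
        for needle in {value, value.replace("'", "''")}:
            start = sql.find(needle)
            while start != -1:
                end = start + len(needle)
                touched = [t for t in tokens if t[2] < end and t[3] > start]
                if len(touched) > 1:
                    return value
                start = sql.find(needle, start + 1)
    return None


if __name__ == "__main__":
    # Constructed sample queries, as an application would hand them to its driver.
    print(detect_sqli("SELECT * FROM users WHERE name = '' OR '1'='1'", ["' OR '1'='1"]))
    print(detect_sqli("SELECT * FROM users WHERE name = 'O''Brien'", ["O'Brien"]))
```

Note the `O'Brien` case: the escaped form `O''Brien` sits inside one string token, so a properly parameterised or escaped apostrophe is not a false positive. A real implementation needs the dialect's full lexer (dollar quoting, backticks, `#` comments) and must be fed the query at the driver boundary, after the application has assembled it.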

Reflected XSS

Cross-site scripting (XSS) can be a very damaging attack on web applications. Attackers get their own JavaScript code inserted into your pages and use it to steal user sessions and payment data or to deface your website.

Needle.sh provides XSS protection for the major templating engines used by web application frameworks: it detects XSS attempts at render time and blocks or logs them, depending on your preferences.

Command injection

If your web application runs system commands while handling a request and user input reaches those commands, attackers can use that input to gain access to your system. Command injection can be a very dangerous attack because it gives attackers the ability to run any command on your server.

Needle.sh prevents command injection by inspecting user input for injected Unix/Linux commands just before your code runs any system command.
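The check that such a hook performs, shown here as an added example rather than Needle.sh's implementation: tokenize the command with the user value filled in, compare it with the same template filled with a harmless placeholder, and refuse if the value added shell operators, failed to tokenize, or contains command substitution or a raw newline (which `shlex` does not report as punctuation). The hardened form that follows avoids the shell entirely. The `ping` template, the `{}` placeholder convention and the IPv4 allowlist are assumptions for the example.

```python
import re
import shlex
import subprocess

SHELL_PUNCTUATION = set("();<>|&")
# Command substitution, parameter expansion and raw newlines are separators or
# code-execution sites that shlex does not report as punctuation, so check them directly.
SUBSTITUTION_RE = re.compile(r"\$\(|\$\{|`|\n|\r")


def _operator_count(command):
    """Number of shell operator tokens (;, &&, |, >, ...) in a command string."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    # tok may be "" for an empty quoted string, which must not count as an operator
    return sum(1 for tok in lex if tok and set(tok) <= SHELL_PUNCTUATION)


def command_injection_detected(template, user_value):
    """Fill the {} placeholder in template with user_value and report whether
    that value added shell operators (or made the command unparseable)
    compared with the same template filled with a harmless placeholder."""
    if SUBSTITUTION_RE.search(user_value):
        return True
    try:
        baseline = _operator_count(template.format("placeholder"))
        filled = _operator_count(template.format(user_value))
    except ValueError:          # unbalanced quote: shlex cannot parse it, so refuse
        return True
    return filled > baseline


IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def ping_argv(host):
    """Hardened form: validate the value against an allowlist and build an argv
    list, so no shell ever parses it. Use shlex.quote(host) only when a shell
    is genuinely unavoidable."""
    if not IPV4_RE.match(host):
        raise ValueError("host must be a dotted IPv4 address")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    # Constructed inputs: one benign value and three injection attempts.
    for value in ["8.8.8.8", "8.8.8.8; cat /etc/passwd", "$(id)", "8.8.8.8\nid"]:
        print(repr(value), "->", command_injection_detected("ping -c 1 {}", value))
    try:
        subprocess.run(ping_argv("127.0.0.1"), check=False)   # shell=False, argv list
    except FileNotFoundError:
        print("ping not installed; argv would have been", ping_argv("127.0.0.1"))
```

The detection side is a safety net for legacy code that still builds command strings; the `ping_argv` pattern (allowlist plus argv list, no shell) is what removes the vulnerability class.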

Local File Inclusion (LFI)

With Local File Inclusion (LFI), an attacker tries to steal data by tricking a web application into opening sensitive local files, typically by supplying a path containing traversal sequences such as ../ in a parameter that the application passes to a file-opening or include call.

Needle.sh protects against LFI attacks by blocking the opening of sensitive file paths that were injected through user input.
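Two checks a practitioner would want behind such a module, as an added example and not Needle.sh's code: a detector that normalises the user-supplied path (URL decoding, including double encoding, NUL bytes, backslashes, `..` segments) and matches it against a denylist of sensitive locations, and a resolver that only ever returns paths inside the application's own directory. The denylist, the base directory and the function names are constructed for the example.

```python
import os
from urllib.parse import unquote

# Locations an application almost never has a legitimate reason to serve.
# Constructed denylist for the example; extend it for your own environment.
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/sys/", "/dev/", "/root/", "/var/log/")
SENSITIVE_NAMES = {"passwd", "shadow", ".env", ".htpasswd", "id_rsa", "wp-config.php"}


def normalise(user_path):
    """Decode what a browser or proxy would decode (twice, to catch %252e%252e),
    reject NUL bytes, fold backslashes and collapse . and .. segments."""
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    return os.path.normpath(decoded.replace("\\", "/"))


def lfi_attempt(user_path):
    """True when the path escapes its directory or points at a sensitive file."""
    try:
        path = normalise(user_path)
    except ValueError:
        return True
    if ".." in path.split("/"):
        return True
    if path.startswith(SENSITIVE_PREFIXES) or os.path.basename(path) in SENSITIVE_NAMES:
        return True
    return False


def safe_resolve(base_dir, user_path):
    """Return the absolute path of user_path under base_dir, or None if the
    resolved path (symlinks included) would leave base_dir."""
    base = os.path.realpath(base_dir)
    try:
        relative = normalise(user_path).lstrip("/")   # absolute input is treated as relative
    except ValueError:
        return None
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request parameters as they would arrive in ?file=...
    for p in ["images/logo.png", "%2e%2e/%2e%2e/etc/passwd", "/proc/self/environ", "x%00.png"]:
        print(repr(p), "->", lfi_attempt(p), safe_resolve("/srv/app/public", p))
```

The denylist is only a tripwire: `safe_resolve`, which confines every open to a known directory after symlink resolution, is the control that actually closes the hole, and on Windows hosts the prefix list would need drive-letter forms as well.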

Server Side Request Forgery (SSRF)

Server Side Request Forgery (SSRF) enables an attacker to make a web application issue HTTP requests to internal applications that are otherwise inaccessible to outsiders, such as admin interfaces on the internal network or cloud instance metadata services. This can give attackers access to sensitive data from the organisation.

Needle.sh’s SSRF protection module blocks suspicious HTTP requests to internal addresses when the destination was injected as part of user input.
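What "internal address" has to cover in practice, as an added example and not Needle.sh's code: the URL scheme, well-known internal hostnames, IP literals in every spelling (dotted, decimal, IPv4-mapped IPv6) and, for names, every address the resolver returns. The resolver is injectable so the check runs offline here; `resolve_all`, `SAMPLE_DNS` and the hostname denylist are assumptions for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hostnames that mean "internal" regardless of what they resolve to. Constructed for the example.
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}


def resolve_all(host):
    """Every address the system resolver returns for host (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal_address(ip_text):
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254), CGNAT,
    reserved and other non-global ranges; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return not addr.is_global


def ssrf_blocked(url, resolve=resolve_all):
    """Decide whether a user-supplied URL may be fetched server-side."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return True                                   # file://, gopher://, ... never
    host = parts.hostname
    if not host:
        return True
    if host.rstrip(".").lower() in BLOCKED_HOSTNAMES:
        return True
    try:
        addrs = {str(ipaddress.ip_address(host))}    # IPv4/IPv6 literal
    except ValueError:
        try:
            # http://2130706433/ is 127.0.0.1 to most resolvers; normalise it ourselves.
            addrs = {str(ipaddress.ip_address(int(host)))} if host.isdigit() else resolve(host)
        except (ValueError, OSError):                 # malformed or unresolvable: refuse
            return True
    return any(is_internal_address(a) for a in addrs)


# Constructed DNS answers so the example runs without network access.
SAMPLE_DNS = {"example.com": {"93.184.216.34"}, "intranet.corp": {"10.0.0.5"}}


def sample_resolve(host):
    if host not in SAMPLE_DNS:
        raise socket.gaierror(f"constructed resolver knows nothing about {host}")
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for url in ["http://example.com/api", "http://intranet.corp/admin",
                "http://169.254.169.254/latest/meta-data/", "http://2130706433/",
                "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"]:
        print(url, "->", "blocked" if ssrf_blocked(url, resolve=sample_resolve) else "allowed")
```

Two caveats the check alone does not solve: DNS rebinding (resolve once, then connect to the address you checked rather than letting the HTTP client resolve again) and redirects (re-run the check on every `Location` the client would follow).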

Security scanner protection

Attackers often use security scanners to find vulnerabilities in web applications, and use them as the first step of an attack. By detecting and blocking requests from security scanners, Needle.sh thwarts such attempts.

Shellshock protection

Shellshock (also known as "Bashdoor", CVE-2014-6271 and its follow-ups) is a vulnerability in the Bash shell on Unix/Linux operating systems which allows attackers to run arbitrary commands on the system hosting your web servers. Bash executed commands appended to a function definition (`() { :; };`) stored in an environment variable, and CGI-style web servers copy request data such as the User-Agent and Referer headers, the path and the query string into environment variables, so an attacker can trigger the bug with a single unauthenticated HTTP request.

Needle.sh protects your web applications by blocking requests containing payloads that could trigger this attack.

Content Security Policy (CSP)

The Content Security Policy (CSP) header reduces the risk of browser attacks like XSS by controlling the sources from which the page is allowed to load resources. You can specify policies for JavaScript, CSS, images and the other resource types in the web page.

Although CSP is very versatile and powerful, it can be difficult to manage the policy, and the related violation reports that it generates. Needle.sh simplifies this process by managing the CSP modes, domain lists and violation reports.

Clickjacking protection

In a “clickjacking” attack, your website is loaded inside an iframe on an attacker-owned page, usually made invisible and positioned under the attacker's own content. This tricks users into clicking controls on your site without realising it, for example to share login data or download malware.

Needle.sh adds the clickjacking prevention HTTP header (X-Frame-Options; the CSP frame-ancestors directive is its modern equivalent) to all your responses, which reduces the risk of clickjacking attacks.

Browser XSS header

Needle.sh helps combat Cross-site scripting (XSS) attacks by adding the X-XSS-Protection header to your web application’s responses. Note that this header only drives the legacy XSS filter of older browsers; current Chromium-based browsers and Firefox ignore it, so treat it as a defence for old clients and rely on CSP for the rest.

Mime sniffing header

Needle.sh inserts the MIME sniffing prevention HTTP header (X-Content-Type-Options: nosniff) in all responses sent by your web server. This mitigates vulnerabilities caused by browsers like Internet Explorer (IE) and Chrome guessing the type of the content sent by the server instead of trusting the declared Content-Type, for example executing a user upload as script.

Referrer policy header

Needle.sh allows you to control, through the Referrer-Policy response header, how much of the current page URL the browser sends in the Referer header when users follow links or load resources from your pages. As those URLs can contain sensitive information such as tokens or account identifiers, this highly configurable header can help protect your web applications.
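The five response headers described in the sections above (CSP, clickjacking, XSS, MIME sniffing, referrer policy) are usually added in one place. As an added example, and not Needle.sh's implementation, here is a WSGI middleware that does so, builds the CSP value from domain lists, switches between enforce and report-only mode, and collects the violation reports browsers POST back. The header values, the `/csp-report` path, the demo application and the sample report are assumptions made for the example.

```python
import io
import json

# Fixed response headers; constructed defaults for the example.
DEFAULT_HEADERS = {
    "X-Frame-Options": "DENY",                              # clickjacking: never allow framing
    "X-Content-Type-Options": "nosniff",                    # stop MIME sniffing of responses
    "Referrer-Policy": "strict-origin-when-cross-origin",   # only the origin leaves your site
    "X-XSS-Protection": "1; mode=block",                    # legacy filter; modern browsers ignore it
}


def build_csp(script_src=("'self'",), style_src=("'self'",),
              img_src=("'self'", "data:"), report_uri="/csp-report"):
    """Assemble a Content-Security-Policy value from per-directive source lists."""
    directives = [
        ("default-src", ("'self'",)),
        ("script-src", script_src),
        ("style-src", style_src),
        ("img-src", img_src),
        ("object-src", ("'none'",)),
        ("base-uri", ("'self'",)),
        ("frame-ancestors", ("'none'",)),   # CSP-level clickjacking control
        ("report-uri", (report_uri,)),
    ]
    return "; ".join(f"{name} {' '.join(sources)}" for name, sources in directives)


def parse_csp_report(body):
    """Extract the useful fields from a browser's JSON violation report."""
    report = json.loads(body).get("csp-report", {})
    return {
        "document": report.get("document-uri"),
        "directive": report.get("effective-directive") or report.get("violated-directive"),
        "blocked": report.get("blocked-uri"),
        "source": report.get("source-file"),
    }


class SecurityHeaders:
    """WSGI middleware: adds the headers above to every response, sends the CSP
    in enforce or report-only mode, and collects reports posted to report_path."""

    def __init__(self, app, csp, report_only=False, report_path="/csp-report"):
        self.app, self.report_path, self.reports = app, report_path, []
        self.headers = dict(DEFAULT_HEADERS)
        mode = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
        self.headers[mode] = csp

    def __call__(self, environ, start_response):
        if environ["PATH_INFO"] == self.report_path and environ["REQUEST_METHOD"] == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            self.reports.append(parse_csp_report(environ["wsgi.input"].read(length)))
            start_response("204 No Content", [])
            return [b""]

        def start_response_with_headers(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}   # the app's own value wins
            extra = [(n, v) for n, v in self.headers.items() if n.lower() not in present]
            return start_response(status, list(headers) + extra, exc_info)

        return self.app(environ, start_response_with_headers)


def demo_app(environ, start_response):
    """Constructed application sitting behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body>hello</body></html>"]


def run_request(app, method, path, body=b""):
    """Drive a WSGI app without a server; returns (status, headers dict, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    out = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), out


# Constructed violation report in the shape browsers POST to a report-uri endpoint.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://app.example/checkout",
    "violated-directive": "script-src",
    "blocked-uri": "https://evil.example/skimmer.js",
}}).encode()

if __name__ == "__main__":
    app = SecurityHeaders(demo_app, build_csp(script_src=("'self'", "https://cdn.example")),
                          report_only=True)
    _, headers, _ = run_request(app, "GET", "/")
    for name, value in headers.items():
        print(f"{name}: {value}")
    run_request(app, "POST", "/csp-report", SAMPLE_REPORT)
    print(app.reports)
```

Start in report-only mode, watch `reports` for a release cycle, add the legitimate sources that show up to the domain lists, then flip `report_only` to `False`; a policy that blocks your own CDN on day one is the usual reason CSP gets switched off again.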
