Start securing your web apps with our pre-configured security modules
SQL injection is one of the most common attacks on web applications. In this attack, attackers try to modify SQL statements to extract data, delete data and even log in to other users’ accounts.
Needle.sh detects SQL injection attempts by scanning the SQL queries in your web application and comparing them with user input.
Needle.sh provides XSS protection for major templating engines of web application frameworks where it can detect XSS attempts and block or log them (based on your preferences).
If your web application runs system commands as part of handling a request, attackers can abuse that to gain access to your system. Command injection can be a very dangerous attack, as it gives attackers the ability to run any command on your server.
Needle.sh prevents command injection by inspecting user input for Unix/Linux commands just before your code runs any system commands.
With Local File Inclusion (LFI), an attacker tries to steal data by tricking a web application into opening sensitive local files.
Needle.sh protects against LFI attacks by blocking opening of sensitive file paths injected in user input.
Server Side Request Forgery (SSRF) enables an attacker to make a web application issue HTTP requests to internal applications that are otherwise inaccessible to outsiders. This can give attackers access to sensitive data from the organisation.
Needle.sh’s SSRF protection module blocks suspicious HTTP requests to internal addresses if they are injected as part of user input.
Attackers often use security scanners to find vulnerabilities in web applications, and use them as a first step to mount an attack. By detecting and blocking requests from security scanners, Needle.sh thwarts such attempts.
Shellshock (also known as "Bashdoor") is a vulnerability affecting the Bash shell in Unix/Linux operating systems which allows attackers to execute arbitrary commands on the system hosting your web servers. Attackers pass commands as part of request data such as the path or query string, which the Bash shell can execute without requiring authentication.
Needle.sh protects your web applications by blocking requests containing payloads that could trigger this attack.
Although CSP is very versatile and powerful, it can be difficult to manage the policy, and the related violation reports that it generates. Needle.sh simplifies this process by managing the CSP modes, domain lists and violation reports.
In a “clickjacking” attack, your website content is shown inside an iframe on an attacker-owned website. By doing this, attackers trick users into sharing login data, downloading malware, and so on.
Needle.sh adds the clickjacking prevention HTTP header to all your responses, which reduces the risk of clickjacking attacks.
Needle.sh helps combat Cross-site scripting (XSS) attacks by adding the XSS protection header to your web application’s responses.
Needle.sh inserts the MIME sniffing prevention HTTP header in all responses sent by your web server. This mitigates vulnerabilities caused by browsers such as Internet Explorer (IE) and Chrome guessing the type of content sent by the server instead of trusting the declared type.
Needle.sh allows you to control the level of information sent in the Referrer HTTP header along with your requests. As URLs sent in the Referrer header can contain sensitive information, this highly configurable header helps protect your web applications.
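The four response-header protections above (clickjacking, XSS filter, MIME sniffing, referrer policy) can be added by a small WSGI middleware. The following is an added example, not Needle.sh's own code; the header values are assumptions you would tune per application, and the example keeps any header the application already set.

```python
# Added example (not Needle.sh code): WSGI middleware that appends the
# security response headers discussed above, plus a helper to audit them.
from typing import Callable, Dict, List, Tuple
from wsgiref.util import setup_testing_defaults

Headers = List[Tuple[str, str]]

# Assumed default policy; adjust values to your application's needs.
SECURITY_HEADERS: Dict[str, str] = {
    "X-Frame-Options": "SAMEORIGIN",            # clickjacking prevention
    "X-Content-Type-Options": "nosniff",        # MIME sniffing prevention
    # Legacy XSS filter header; current Chromium and Firefox ignore it,
    # so treat it as defence in depth only and rely on CSP for XSS.
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

def add_security_headers(headers: Headers, policy: Dict[str, str] = SECURITY_HEADERS) -> Headers:
    """Return a copy of `headers` with missing policy headers appended.
    Headers the app already set win, so an app-specific Referrer-Policy
    is not clobbered by the middleware default."""
    present = {name.lower() for name, _ in headers}
    return list(headers) + [(n, v) for n, v in policy.items() if n.lower() not in present]

def audit_headers(headers: Headers, policy: Dict[str, str] = SECURITY_HEADERS) -> List[str]:
    """Names of policy headers absent from a response (useful in a log check)."""
    present = {name.lower() for name, _ in headers}
    return [n for n in policy if n.lower() not in present]

class SecurityHeadersMiddleware:
    def __init__(self, app: Callable, policy: Dict[str, str] = SECURITY_HEADERS):
        self.app, self.policy = app, policy

    def __call__(self, environ, start_response):
        def wrapped_start(status, headers, exc_info=None):
            return start_response(status, add_security_headers(headers, self.policy), exc_info)
        return self.app(environ, wrapped_start)

def _demo_app(environ, start_response):
    # Constructed app that sets its own Referrer-Policy, to show it is preserved.
    start_response("200 OK", [("Content-Type", "text/html"), ("Referrer-Policy", "no-referrer")])
    return [b"<h1>hello</h1>"]

def run_demo() -> Headers:
    """Run the constructed app through the middleware; return response headers."""
    captured: Headers = []
    environ: dict = {}
    setup_testing_defaults(environ)
    body = SecurityHeadersMiddleware(_demo_app)(environ, lambda s, h, e=None: captured.extend(h))
    list(body)  # consume the iterable as a WSGI server would
    return captured
```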