Configuration of Anomaly Detection Process: Overview
In addition to vulnerability detection, FAST can use its fuzzer to detect anomalies.
This documentation section describes the following points:
Anomaly example
The anomalous behavior of the OWASP Juice Shop target application is demonstrated in the FAST extension example.

This application normally answers an authorization request that carries an incorrect login and password combination with the 401 Unauthorized code and the message "Invalid email or password." However, if the ' character is placed anywhere inside the login value, the application answers with the 500 Internal Server Error code and a message containing "...SequelizeDatabaseError: SQLITE_ERROR:..."; such behavior is anomalous.

This anomaly is not a directly exploitable vulnerability by itself, but it tells an attacker about the application architecture (a Sequelize ORM over SQLite) and shows that a single quote in the login reaches the SQL statement unescaped, which points straight to an SQL injection attack.
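The following script is an added example, not code from the FAST documentation, the FAST extension, or Juice Shop. It shows the comparison logic a fuzzer needs to turn the behavior described above into an anomaly finding: take a baseline response for a well-formed but wrong login, insert the ' character at every position of the login value, and flag any response whose status class changes or that leaks a backend error string the baseline did not. The target is a constructed stand-in that reproduces the page's 401/500 behavior so the script runs offline; the Juice Shop endpoint and JSON body mentioned in its docstring, the sample credentials, and the non-SQLite error fingerprints are assumptions.

```python
import re
from dataclasses import dataclass, field

# Error fingerprints that reveal the backend stack when they leak into a
# response body. The two from the page (SequelizeDatabaseError, SQLITE_ERROR)
# are included; the others are assumed additions for other common engines.
BACKEND_ERROR_PATTERNS = [
    re.compile(r"SequelizeDatabaseError"),
    re.compile(r"SQLITE_ERROR"),
    re.compile(r"You have an error in your SQL syntax"),    # MySQL (assumed)
    re.compile(r"PG::SyntaxError|syntax error at or near"),  # PostgreSQL (assumed)
]


@dataclass
class Response:
    """Only the parts of an HTTP response the comparison needs."""
    status: int
    body: str


@dataclass
class Verdict:
    anomalous: bool
    reasons: list = field(default_factory=list)


def classify(baseline: Response, mutated: Response) -> Verdict:
    """Compare the response to a mutated login with the baseline response to
    a well-formed but wrong login. A change of status class, any 5xx, or a
    backend error string absent from the baseline marks the response anomalous."""
    reasons = []
    if mutated.status // 100 != baseline.status // 100:
        reasons.append(f"status class changed: {baseline.status} -> {mutated.status}")
    if mutated.status >= 500:
        reasons.append("server-side error")
    for pattern in BACKEND_ERROR_PATTERNS:
        if pattern.search(mutated.body) and not pattern.search(baseline.body):
            reasons.append(f"backend error leaked: {pattern.pattern}")
    return Verdict(anomalous=bool(reasons), reasons=reasons)


def mutate_login(login: str, token: str = "'") -> list:
    """Insert the token at every position of the login value, which covers
    the page's 'any part of the login value' (duplicates are collapsed)."""
    return sorted({login[:i] + token + login[i:] for i in range(len(login) + 1)})


def simulated_target(email: str, password: str) -> Response:
    """Constructed stand-in that reproduces the behavior described on the
    page. This is NOT Juice Shop code. A live run would replace it with a
    function that POSTs to the login endpoint (assumed: /rest/user/login
    with a JSON body holding "email" and "password")."""
    if "'" in email:
        return Response(500, "SequelizeDatabaseError: SQLITE_ERROR: <details omitted>")
    return Response(401, "Invalid email or password.")


def fuzz_login(send, login: str, password: str) -> list:
    """One fuzzing round: record the baseline for the unmodified (wrong)
    credentials, then send each mutated login and keep the anomalies."""
    baseline = send(login, password)
    findings = []
    for candidate in mutate_login(login):
        verdict = classify(baseline, send(candidate, password))
        if verdict.anomalous:
            findings.append((candidate, verdict))
    return findings


if __name__ == "__main__":
    # Sample credentials are constructed; every mutation should be flagged.
    for candidate, verdict in fuzz_login(simulated_target, "user@example.com", "wrong"):
        print(candidate, "->", "; ".join(verdict.reasons))
```

The baseline is taken from the same request family as the mutations (a wrong login), not from a successful login, so that ordinary authentication failures are not reported as anomalies; only the change caused by the injected character is. Against a real target, `send` should also apply a timeout and a request cap, since every position in the login value costs one request.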