1 Scope
2 References
3 Terms and definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 General overview
7 Web-based attack protection system techniques
7.1 General techniques
7.2 Functional techniques
7.3 Management techniques
7.4 Security and privacy techniques
8 Functions of the web-based attack protection system
9 Information exchange format
Appendix I – Scenarios for web-based attacks
I.1 Scenario for malware infection
I.2 Cross-site request forgery (CAPEC-62)
I.3 Cross-site port attacks/server-side request forgery
I.4 SQL injection
I.5 Detecting malware in websites
Appendix II – Method for infecting user computers with malware
Appendix III – Typical examples of obfuscation technique
Appendix IV – Prevention techniques for web-based attacks
IV.1 Remove website vulnerabilities
IV.2 Signature matching
IV.3 Site blacklisting
IV.4 Detection of obfuscating techniques
IV.5 Evaluation of suspicious content behaviour
Appendix V – Typical examples of application security risks by OWASP
Bibliography