Forms collect data in multiple fields for delivery to back-end servers, and so present multiple attack vectors. WAF-as-a-Service provides in-depth protection against such attacks.
Enable Form Protection
From App Profiles, click the URL containing a form you would like to protect.
In the right panel, click on Form Protection.
The following features are part of Form Protection and each can be configured to protect app forms from attacks.
Brute Force Protection – Stops attacks from making multiple automated submissions using forms in your applications. It also stops attackers from systematically accessing pages over and over again to try multiple username/password combinations and brute force entry into your application.
Data Theft Protection Usage – Prevents unauthorized disclosure of confidential information.
File Upload Protection – This incorporates both Advanced Threat Protection (BATP) and Virus Scanning.
Login Form Information – For credential protection to work, you need to specify the format and details for the login form.
Credential Attack Protection – Protects against Credential Stuffing and/or Credential Spraying.
Privileged Account Protection – Watches for signs of account takeover by evaluating session elements such as the connecting entity’s geolocation, user agent, header value, and network details.
Exempt Status Code – Enables you to specify HTTP response status codes that need to be exempted from cloaking at the URL policy level.
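The attack patterns named under Brute Force Protection and Credential Attack Protection differ in how failed logins from one source are spread across accounts and passwords. The following Python example is an added illustration of that distinction, not WAF-as-a-Service code or configuration; the thresholds, record layout, fingerprint key and sample attempts are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

KEY = b"constructed-demo-key"  # assumption: per-deployment secret


def fingerprint(password):
    """Keyed digest: lets equal passwords be matched without storing them."""
    return hmac.new(KEY, password.encode(), hashlib.sha256).hexdigest()[:16]


def classify(attempts, min_failures=5):
    """Label each source by the pattern of its failed logins in one window."""
    failed = defaultdict(list)
    for source, user, pw_fp, success in attempts:
        if not success:
            failed[source].append((user, pw_fp))
    verdicts = {}
    for source, rows in failed.items():
        if len(rows) < min_failures:
            continue  # ordinary typos stay below the threshold
        users = {u for u, _ in rows}
        passwords = {p for _, p in rows}
        if len(users) == 1:
            verdicts[source] = "brute_force"          # one account, many guesses
        elif len(passwords) * 3 <= len(users):
            verdicts[source] = "credential_spraying"  # few passwords, many accounts
        elif len(rows) <= 2 * len(users):
            verdicts[source] = "credential_stuffing"  # one distinct pair per account
        else:
            verdicts[source] = "mixed"
    return verdicts


def sample_attempts():
    """Constructed attempts: (source, username, password fingerprint, success)."""
    rows = []
    for i in range(6):  # one account, six different guesses
        rows.append(("203.0.113.10", "alice", fingerprint(f"guess{i}"), False))
    for i in range(6):  # one password tried against six accounts
        rows.append(("198.51.100.7", f"user{i}", fingerprint("Spring2024!"), False))
    for i in range(6):  # six distinct username/password pairs
        rows.append(("192.0.2.44", f"acct{i}", fingerprint(f"leaked{i}"), False))
    # A real user mistyping twice, then logging in
    rows += [("192.0.2.99", "bob", fingerprint("typo1"), False),
             ("192.0.2.99", "bob", fingerprint("typo2"), False),
             ("192.0.2.99", "bob", fingerprint("right"), True)]
    return rows
```

Calling classify(sample_attempts()) labels the three constructed attack sources and leaves the mistyping user unflagged.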