WAF 361008

From Atomicorp Wiki
Revision as of 11:47, 16 March 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

361006

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Potential credit card number detected in output (NOT BLOCKED) -Visa Credit Card Number sent from site to user

Description

This rule detects potential credit card numbers being displayed by the web server. The intent of this rule is to detect these cases, as this may be acceptable for some applications. This rule does not block or obfuscate these numbers, it merely reports that this may have occurred.

Users should investigate this alert to determine if a credit card number has been displayed, and if this action is unauthorized.

False Positives

A false positive can occur when an application legitimately displays a credit card number, or if an application happens to use a number that looks identical to a valid credit card number.

It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for basic information.

Similar Rules

WAF_361006

WAF_361010

WAF_361012

WAF_361016

WAF_361020

Knowledge Base Articles

None.

Outside References

None.

Personal tools