This topic describes the types of attacks involved in attack statistics and provides corresponding solutions.

| Attack type | Description | Solution |
| --- | --- | --- |
| JNI injection | Java Native Interface (JNI) injection is a common method to bypass the Runtime Application Self-Protection (RASP) technology. If an attacker obtains the permissions to execute code, the attacker can use JNI functions to call external malicious dynamic-link libraries. This way, the attacker can bypass the security protection of the Java layer and conceal specific malicious behaviors. | Your server may have a code execution vulnerability. Check the location of the vulnerability and limit the permissions to execute code. |
| SQL injection | An SQL injection attack inserts specific SQL statements into the query strings of web requests or web forms and induces the server to execute the SQL statements. An attacker can obtain the data on websites with security vulnerabilities by inserting SQL statements into web forms. | SQL injection is caused by concatenating SQL statements. Precompile input parameters or use whitelists and blacklists to limit concatenated parameters. |
| XXE injection | XXE injection is short for XML external entity injection. If an XML file references an external entity, an attacker can construct malicious content to cause arbitrary file reads, command injection, and internal network attacks. | Check whether your application needs to load external entities when it parses XML files. If not, disable external entities in the XML parsing configuration. |
| Malicious DNS query | An attacker can exploit malicious DNS queries in multiple ways. An attacker is likely to use the DNS protocol to carry sensitive information out of internal networks. The attacker may also use the DNS protocol to detect whether an internal network system has vulnerabilities such as SSRF and JNDI injection. | Malicious DNS queries are caused when the server sends requests to user-controlled parameters. Check the parameter settings and configure whitelists. |
| Malicious reflection calls | The self-protection module of RASP prohibits attackers from using reflection to modify RASP data at runtime. | Your server may have a code execution vulnerability. Check the location of the vulnerability and limit the permissions to execute code. |
| SSRF | Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to attack the internal system of a website by inducing the server-side application to make HTTP requests. | SSRF is caused when the server sends requests to input parameters. Check the parameter settings and configure whitelists. |
| Malicious file read and write | Java provides the RandomAccessFile class for file read and write operations. If you use this class to read and write files without restricting the file path and file content, an attacker may read sensitive system files and upload trojan files. | Check whether you can read and upload files as expected. If an exception occurs, check the function code and configure blacklists. |
| Malicious file upload | If a website provides a file upload feature and does not restrict the types of files, an attacker may obtain higher permissions on the server by uploading trojan files. This causes serious harm. | Restrict the types of files to be uploaded and prohibit uploading files with execute permissions, such as JSP files. |
| Command injection | A command injection vulnerability allows an attacker to execute arbitrary system commands on the server. In most cases, remote command execution is caused by web shells or the risky code of the server. | Check the location where commands are executed. If command execution is caused by web shells, delete the web shells promptly. If commands are executed to implement normal features on the server, configure whitelists to limit the commands that can be executed. |
| Directory traversal | The directory of a website may be browsed arbitrarily due to its configuration defects. This results in the disclosure of private information. An attacker can use the disclosed information to attack the website. | Check whether the website directory can be traversed as expected. If an exception occurs, check the function code and configure blacklists to restrict the relevant commands, such as "./" and "../". |
| Memory horse injection | Memory horse (a memory-resident web shell) is an emerging trojan horse technique. An attacker can inject trojans into memory by some special technical means, which can effectively bypass the detection of WAF and host defense. | Your server may have a code execution vulnerability. Check the location of the vulnerability and limit the permissions to execute code. |
| Arbitrary file read | If a website provides a file download and read feature and files are read and downloaded by using an absolute path or directory traversal character, an attacker can exploit this vulnerability to obtain sensitive information and attack the server. | Check whether you can read files as expected. If an exception occurs, check the function code and configure blacklists to restrict the input parameters, such as "./" and "../". |
| Weak database password | If a database password is weak, an attacker may obtain the password by initiating brute-force attacks. In this case, the attacker can steal data from the database and obtain system permissions. | Use a more complex password. |
| Thread injection | Thread injection is a common method to bypass the RASP technology. If an attacker obtains the permissions to execute code, the attacker can create a thread so that RASP loses the context of the runtime environment. In this case, the defense capability of RASP is compromised. | Your server may have a code execution vulnerability. Check the location of the vulnerability and limit the permissions to execute code. |
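
For the malicious file read and write, directory traversal, and arbitrary file read rows above, a complement to filtering "./" and "../" is to canonicalize the requested path and verify that it still lies inside the intended directory before opening it with `RandomAccessFile`. This is an added example, not code from the original page; `SafeFileResolver`, the temporary directory, and the sample inputs are constructed for illustration.

```java
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeFileResolver {

    // Resolves a user-supplied name under baseDir and rejects anything that escapes it.
    static Path resolveInside(Path baseDir, String userInput) throws IOException {
        Path base = baseDir.toRealPath();                    // canonical form of the allowed root
        Path candidate = base.resolve(userInput).normalize(); // collapses "./" and "../" segments
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + userInput);
        }
        // If the target exists, follow symbolic links and check containment again.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("link escapes base directory: " + userInput);
        }
        return candidate;
    }

    // Opens the file read-only only after the containment check has passed.
    static long sizeOf(Path baseDir, String userInput) throws IOException {
        Path safe = resolveInside(baseDir, userInput);
        try (RandomAccessFile f = new RandomAccessFile(safe.toFile(), "r")) {
            return f.length();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: a temporary directory standing in for the download root.
        Path base = Files.createTempDirectory("download-root");
        Files.writeString(base.resolve("report.txt"), "constructed sample");

        String[] inputs = {"report.txt", "sub/../report.txt", "../outside.txt", "/etc/hostname"};
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + in + " (" + sizeOf(base, in) + " bytes)");
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

Because the check compares resolved paths rather than matching substrings, it does not depend on how the traversal sequence was written in the request.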
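
For the SSRF and malicious DNS query rows above, the whitelist can be enforced on the parsed URL before the server resolves or connects to anything. This is an added example, not code from the original page; `OutboundUrlAllowlist`, the `example.com` hosts, and the sample URLs are hypothetical values constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class OutboundUrlAllowlist {

    // Hypothetical allowlist; replace with the destinations the feature really needs.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com", "cdn.example.com");
    private static final Set<String> ALLOWED_SCHEMES = Set.of("https");

    // Returns true only if the URL targets an allowlisted scheme, host and port.
    // java.net.URI only parses the string, so no DNS lookup happens during the check.
    static boolean isAllowed(String userUrl) {
        final URI uri;
        try {
            uri = new URI(userUrl).normalize();
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) return false;   // relative or opaque URI
        if (uri.getRawUserInfo() != null) return false;     // no credentials in the authority
        if (!ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) return false;
        int port = uri.getPort();
        if (port != -1 && port != 443) return false;        // default HTTPS port only
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] urls = {
            "https://api.example.com/v1/items",
            "https://API.example.com:443/v1/items",
            "http://api.example.com/v1/items",
            "https://internal.example.net/status",
            "https://10.0.0.5/admin",
            "file:///constructed/placeholder"
        };
        for (String u : urls) {
            System.out.println((isAllowed(u) ? "ALLOW " : "DENY  ") + u);
        }
    }
}
```

The HTTP client that performs the request should also be configured not to follow redirects automatically, or to run the same check on each redirect target.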