This article will explain the ACSIA alert called "web request anomaly".
Explaining the web request anomaly
"Web request anomaly" refers to unusual or abnormal web requests made to a website or web application. It involves identifying patterns or behaviors that deviate from the expected and typical interactions that legitimate users would have with the web service. These anomalies could indicate potential security threats, such as attempted attacks or unauthorized access, prompting further investigation and mitigation measures.
Example of a "Web request anomaly" attack:
Consider an e-commerce website that processes online orders and payments. Legitimate users usually browse through products, add items to their shopping carts, and proceed to the checkout page to make a purchase.
However, an attacker with malicious intent wants to exploit a vulnerability in the website's payment processing system. Instead of using the website as a regular user would, the attacker decides to employ an automated script or a bot.
The bot sends a large number of rapid and repetitive requests directly to the website's payment gateway, bypassing the usual user interface. It tries various combinations of credit card numbers and expiration dates, attempting to find valid payment credentials. This excessive, non-standard activity stands out as unusual compared to how real customers interact with the website.
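The pattern in this example can be checked against web server access logs. The following Python code is an added example, not ACSIA's own detection logic: it flags clients that send a burst of payment requests and records whether they skipped the normal browsing flow. The payment path, UI paths, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines; IPs come from documentation-only ranges.
SAMPLE_LOG = "\n".join(
    ['203.0.113.5 - - [12/Mar/2024:10:00:00 +0000] "GET /products/42 HTTP/1.1" 200',
     '203.0.113.5 - - [12/Mar/2024:10:00:20 +0000] "POST /cart HTTP/1.1" 200',
     '203.0.113.5 - - [12/Mar/2024:10:01:05 +0000] "POST /api/payment HTTP/1.1" 200']
    + [f'198.51.100.7 - - [12/Mar/2024:10:02:{s:02d} +0000] "POST /api/payment HTTP/1.1" 402'
       for s in range(6)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
PAYMENT_PATH = "/api/payment"                      # assumed payment endpoint
UI_PREFIXES = ("/products", "/cart", "/checkout")  # assumed normal-flow pages
WINDOW = timedelta(seconds=10)                     # assumed sliding window
MAX_PAYMENT_REQS = 3                               # assumed per-window limit

def parse(log):
    """Yield (ip, timestamp, method, path) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path

def find_anomalies(log):
    """Return {ip: {"peak": n, "skipped_ui": bool}} for bursty payment clients."""
    payments, used_ui = defaultdict(list), set()
    for ip, ts, method, path in parse(log):
        if path.startswith(UI_PREFIXES):
            used_ui.add(ip)
        elif method == "POST" and path == PAYMENT_PATH:
            payments[ip].append(ts)
    findings = {}
    for ip, times in payments.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):
            # Shrink the window until it spans at most WINDOW.
            while times[end] - times[start] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > MAX_PAYMENT_REQS:
            findings[ip] = {"peak": peak, "skipped_ui": ip not in used_ui}
    return findings

if __name__ == "__main__":
    print(find_anomalies(SAMPLE_LOG))
```

The customer who browses, adds to the cart and pays once is not flagged; the client that posts to the payment endpoint six times in six seconds without touching any UI page is.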
ACSIA alerts you when a web request anomaly is detected on your infrastructure. Here's all the information that ACSIA shows you in the Live Notification:
Also, on the right of the above screen, we can see the actions that a user can perform in such cases.