Forum Discussion
nathe
Mar 09, 2016Cirrocumulus
Ppp2016, usually attack signatures are only applied to http requests i.e. when bad XSS or SQLi attacks might be embedded in malicious requests. The use cases for applying attack signatures to Responses are, in the main, to prevent Information Disclosure i.e. to prevent MS SQL Database errors being returned to the end user. This might inform malicious persons of backend technologies in place i.e. fingerprinting the environment.
If you go to Attack Signatures in the GUI i think you can filter on signatures in regards Responses and you should see some sample signatures with more details on this.
It's best to create explicit file types and apply response signatures to these entities only, rather than the wildcard.
Hope this helps,
N