Enterprise 11 defenses against common vulnerabilities

The Automation Anywhere Enterprise platform provides some defenses against common attacks on applications.

The list below contains several examples of these attacks and the security controls in place to prevent them.

SQL Injection (SQLi)

SQL injection is a high-risk vulnerability that can seriously impact the confidentiality, integrity, and availability of a database. It enables an attacker to execute SQL of their choosing inside the database, allowing them to read sensitive data, modify or insert data, and execute various operations.

The Control Room prevents SQL injection using the query mechanisms provided by the Hibernate framework.

Cross Site Scripting (XSS)

Cross-site scripting is a high-risk vulnerability that can seriously impact the confidentiality, integrity, and availability of any user web session. It enables an attacker to execute any JavaScript inside the victim's browser, allowing them to spy on the user's input/output or take unauthorized actions on behalf of the user. They could also redirect the user offsite to a malware download or a credential phishing page.

The Control Room prevents cross-site scripting using automatic output encoding provided by the ReactJS framework.
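
The effect of output encoding on untrusted input, as an added example that is not Control Room or ReactJS code. The helper names and the sample inputs are constructed for illustration.

```javascript
// Added illustration; not Control Room or ReactJS source code.
// Output encoding replaces the characters that can change the HTML parsing
// context, so untrusted text is displayed as text and never parsed as markup.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Tagged template (hypothetical helper): the static markup is trusted,
// every interpolated value is encoded automatically.
function html(strings, ...values) {
  return strings.reduce(
    (out, s, i) => out + s + (i < values.length ? escapeHtml(values[i]) : ''), '');
}

// 'Before': untrusted value concatenated straight into markup.
function renderUnsafe(name) {
  return '<td title="' + name + '">' + name + '</td>';
}

// 'After': same template, values encoded on output.
function renderEncoded(name) {
  return html`<td title="${name}">${name}</td>`;
}

// The template contains exactly two '<' and two '"'. Any extra one means the
// input changed the structure of the page instead of being shown as data.
function structurePreserved(fragment) {
  const count = (ch) => fragment.split(ch).length - 1;
  return count('<') === 2 && count('"') === 2;
}

// Constructed sample inputs: a benign name, an element injection,
// and an attribute breakout.
const SAMPLES = ['Invoice bot', '<script>alert(1)</script>', 'x" onmouseover="alert(1)'];

function audit() {
  return SAMPLES.map((s) => ({
    input: s,
    unsafeOk: structurePreserved(renderUnsafe(s)),
    encodedOk: structurePreserved(renderEncoded(s)),
  }));
}

console.log(audit());
```

Automatic encoding only covers values rendered through the framework's normal path; in ReactJS, content passed through `dangerouslySetInnerHTML` is inserted without encoding and needs separate review.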

OWASP Top 10

Automation Anywhere Enterprise provides the following controls to protect against the OWASP Top 10: