Use ASM Exploit Prevention to protect your critical applications and APIs against zero-day vulnerabilities without tuning or reconfiguration.
With ASM’s context-aware capabilities, you can gain a deep understanding of application logic, data flow, and state.
Combine telemetry from the Datadog tracer with predefined heuristics to detect and block exploits with higher accuracy, ensuring legitimate traffic remains unaffected.
You can use ASM Exploit Prevention in the following use cases:
Server-side request forgery (SSRF): An attacker tricks the server into making unauthorized requests to internal systems or external servers, potentially leaking information or enabling further exploitation.
ASM Exploit Prevention checks whether the URL of an internal or external request, when it is partially or totally controlled by a user parameter, has been manipulated by an attacker to alter the original purpose of the request.
Local file inclusion (LFI): An attacker exploits a vulnerable parameter to include local files from the server, potentially exposing sensitive data like configuration files or possibly enabling remote code execution.
ASM Exploit Prevention inspects all file access attempts to determine if the path has been injected and whether a restricted file is accessed.
SQL injection (SQLi): An attacker injects malicious SQL code into a query, potentially gaining unauthorized access to the database, manipulating data, or executing administrative operations.
ASM Exploit Prevention intercepts all SQL queries to determine if a user parameter has been injected and whether the injection alters the original purpose and structure of the SQL query.
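One way to picture the SQL injection check described above is as a token-boundary test: a user value that stays inside a single SQL token leaves the query structure intact, while one that spans several tokens has changed it. The Python sketch below is an added illustration, not Datadog's implementation; the lexer, `injected_params`, `MIN_LEN`, and the sample queries are assumptions constructed for this example.

```python
import re

# Minimal SQL lexer (assumption: enough for this demo, not a full SQL grammar).
TOKEN_RE = re.compile(r"""
    '(?:[^'\\]|''|\\.)*'    # single-quoted string literal
  | --[^\n]*                # line comment
  | /\*.*?\*/               # block comment
  | \d+(?:\.\d+)?           # number
  | \w+                     # keyword or identifier
  | \S                      # operator or punctuation
""", re.VERBOSE | re.DOTALL)

MIN_LEN = 4  # assumption: shorter values match query text by coincidence too often


def injected_params(query, user_params):
    """Return names of user parameters whose text spans more than one SQL token."""
    spans = [m.span() for m in TOKEN_RE.finditer(query)]
    hits = []
    for name, value in user_params.items():
        if len(value) < MIN_LEN:
            continue
        start = query.find(value)
        while start != -1:
            end = start + len(value)
            # Tokens overlapping the region the user value occupies in the query.
            touched = [s for s in spans if s[0] < end and s[1] > start]
            if len(touched) > 1:  # value crossed a token boundary: structure changed
                hits.append(name)
                break
            start = query.find(value, start + 1)
    return hits


# Constructed sample inputs (not taken from any real service).
TEMPLATE = "SELECT * FROM users WHERE name = '{}'"
BENIGN = "alice"
TAUTOLOGY = "' OR '1'='1"
COMMENT_CUT = "admin'--"

if __name__ == "__main__":
    for value in (BENIGN, TAUTOLOGY, COMMENT_CUT):
        query = TEMPLATE.format(value)
        print(repr(value), "->", injected_params(query, {"name": value}))
```

A parameterized query never contains the user value in its text, so it produces no hit. The sketch does not handle values that are decoded or transformed before reaching the query.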
Exploit Type | .NET | Python | Go | Java | Node.js | PHP |
---|---|---|---|---|---|---|
Server-side Request Forgery (SSRF) | v2.53.0 | v2.9.0 | v1.65.0 | v1.39.0 | v5.20.0, v4.44.0 | Avail. in Q4 ‘24 |
Local File Inclusion (LFI) | v3.4.0 | v2.9.0 | orchestrion v0.8.0 | v1.40.0 | v5.24.0, v4.48.0 | Avail. in Q4 ‘24 |
SQL Injection (SQLi) | v3.4.0 | v2.16.0 | Avail. in Q4 ‘24 | v1.42.0 | v5.25.0, v4.49.0 | Avail. in Q4 ‘24 |
Command Injection | v3.2.0 | v2.11.0 | Avail. in Q4 ‘24 | not supported | v5.25.0, v4.49.0 | Avail. in Q4 ‘24 |
Note: Estimated availability of Exploit Prevention support for Ruby is Q4 ‘24.
1. Navigate to In-App WAF (Security > Application Security > Protection > In-App WAF).
2. If you have applied a Datadog managed policy to your services, then follow these steps:
   a. Clone the policy. For example, you can use the Managed - Block attack tools policy.
   b. Add a policy name and description.
   c. Click on the policy you created and select the Local File Inclusion ruleset. Enable blocking for the Local File Inclusion exploit rule.
   d. Similarly, select the Server-side Request Forgery ruleset and enable blocking for the Server-side request forgery exploit rule.

If you have applied a custom policy for your services, you can skip Steps 2.a and 2.b for cloning a policy and directly set the Exploit Prevention rules in blocking mode (Steps 2.c and 2.d).
After you have enabled Exploit Prevention, if ASM detects an exploit attempt, it proceeds to block that request. Exploit Prevention detections are always accompanied by stack traces, which provide full visibility of where the vulnerability lies in your code, ensuring a clear path to remediation.
ASM also generates a signal that correlates all the blocked traces and isolates the attacker IP addresses that are targeting your service(s). You can take action by blocking all attacking IPs.