Version: 2.11

Recommended API Protect Policy

The policies below are recommended for the Java and .NET Agents respectively. They are intended for production systems, and it is advised that they first be verified on a suitable test system. When verifying these policies on a test system, the protect() actions may be replaced with detect() actions to allow passive assessment of how the application behaves with the policy in place.

Java Agent Recommended API Protect Policy

app("strict API hardening policy for Java"):
    requires(version: ARMR/2.9)

    dns("API block any DNS address resolution"):
        lookup(any)
        api(any)
        input(http, database, deserialization)
        protect(message: "", severity: High)
    enddns

    filesystem("API block any file read operations"):
        read("*")
        api(any)
        protect(message: "", severity: High)
    endfilesystem

    filesystem("API block any file write operations"):
        write("*")
        api(any)
        protect(message: "", severity: High)
    endfilesystem

    process("API block any process forking operations"):
        execute("*")
        api(any)
        protect(message: "", severity: High)
    endprocess

    socket("API block any incoming traffic using new connections"):
        accept("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket

    socket("API block any outgoing traffic using new connections"):
        connect("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket
endapp

.NET Agent Recommended API Protect Policy

app("W4NC Agent Api Hardening"):
    requires(version: ARMR/2.9)

    dns("API DNS"):
        lookup(any)
        api(any)
        protect(message: "", severity: High)
    enddns

    filesystem("API File Read"):
        read("*")
        api(any)
        input(http,database)
        protect(message: "", severity: High)
    endfilesystem

    filesystem("API File Write"):
        write("*")
        api(any)
        input(http,database)
        protect(message: "", severity: High)
    endfilesystem

    process("API Process Forking"):
        execute("*")
        api(any)
        protect(message: "", severity: High)
    endprocess

    socket("API Socket Connect"):
        connect("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket

    socket("API Socket Server Bind"):
        bind(server: "0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket
endapp
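The introduction recommends staging these policies on a test system with protect() swapped for detect() before enforcing them in production. The following Python script is an added example of how a practitioner might prepare such a staging copy; it is not part of this page or of the ARMR product. It rewrites every protect() action to detect() and performs a simple structural check (each dns/filesystem/process/socket rule closed by its matching end keyword and carrying exactly one action) so that a hand-edited policy is caught before it is loaded. The embedded policy text is a constructed excerpt of the Java policy above, and the script assumes detect() takes the same message and severity arguments as protect().

```python
import re

# Constructed sample: two rules taken from the Java policy on this page, in protect mode.
SAMPLE_POLICY = '''app("strict API hardening policy for Java"):
    requires(version: ARMR/2.9)

    filesystem("API block any file read operations"):
        read("*")
        api(any)
        protect(message: "", severity: High)
    endfilesystem

    socket("API block any outgoing traffic using new connections"):
        connect("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket
endapp
'''

# Rule block openers look like `socket("label"):` and closers like `endsocket`.
OPEN_RE = re.compile(r'^\s*(dns|filesystem|process|socket)\(".*"\):\s*$')
CLOSE_RE = re.compile(r'^\s*end(dns|filesystem|process|socket)\s*$')
PROTECT_RE = re.compile(r'^(\s*)protect\((.*)\)\s*$')
ACTION_RE = re.compile(r'^\s*(protect|detect)\(')


def to_detect_mode(policy_text):
    """Return a copy of the policy with every protect(...) action replaced by detect(...).

    Assumption (not confirmed by the page): detect() accepts the same
    message/severity arguments as protect(), so the argument list is kept verbatim.
    """
    out = []
    for line in policy_text.splitlines():
        m = PROTECT_RE.match(line)
        out.append(f"{m.group(1)}detect({m.group(2)})" if m else line)
    return "\n".join(out) + "\n"


def check_structure(policy_text):
    """Check that every rule block is opened and closed by matching keywords and
    contains exactly one protect()/detect() action.

    Returns a list of human-readable problems; an empty list means the policy passed.
    """
    problems = []
    current = None  # [rule_type, opening line number, action count]
    for n, line in enumerate(policy_text.splitlines(), 1):
        m_open = OPEN_RE.match(line)
        m_close = CLOSE_RE.match(line)
        if m_open:
            if current is not None:
                problems.append(
                    f"line {n}: {m_open.group(1)} opened inside unclosed "
                    f"{current[0]} (line {current[1]})"
                )
            current = [m_open.group(1), n, 0]
        elif m_close:
            if current is None or current[0] != m_close.group(1):
                problems.append(f"line {n}: end{m_close.group(1)} without matching open")
            elif current[2] != 1:
                problems.append(
                    f"line {current[1]}: {current[0]} rule has {current[2]} actions, expected 1"
                )
            current = None
        elif current is not None and ACTION_RE.match(line):
            current[2] += 1
    if current is not None:
        problems.append(f"line {current[1]}: {current[0]} rule never closed")
    return problems


if __name__ == "__main__":
    staged = to_detect_mode(SAMPLE_POLICY)
    issues = check_structure(staged)
    print(staged)
    print("structure ok" if not issues else "\n".join(issues))
```

Run the script on a saved copy of either policy to produce the detect-mode version for the test system; once the application has been exercised under it and the detections reviewed, the original protect-mode file is the one to deploy.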