FAQ – frankly, asked questions

WAF SCAN FAQ


What is the WAF Scan service?

Return any of our products–no questions asked–within 30 days of purchase. We even pay return shipping.


Do you ship overseas and to P.O. boxes?

Yes, we’ll ship your package anywhere that can accept deliveries.


Do you have customer service?

Of course! Our friendly and knowledgeable customer service reps are available to answer your questions 24/7/365.

WAF Management


What’s your return policy?

Return any of our products–no questions asked–within 30 days of purchase. We even pay return shipping.



WAF scoring provides an overview of the strengths and weaknesses of your current web application security protection.
Scoring your WAF's ability to detect and prevent automated attacks is crucial for incident response readiness.

The WAF scoring report is easy to read and act on. Depending on your WAF vendor or protection solution, we provide you with concrete recommendations so that you will be ready for the next automated attack.

What is a security exposure?
When a WAF (or any other security product) doesn't have the necessary tools to fix or mitigate an attack, the WAF is said to have a "security exposure", since it can't protect against the relevant attack. This is not a vulnerability, since it doesn't compromise the WAF; it does compromise the app that owns the vulnerability.

Web applications by design have vulnerabilities, which should be mitigated by fixing them or by preventing them using a WAF. WAFs are the Swiss army knife for detecting and preventing vulnerabilities. However, a WAF itself may or may not have the necessary mitigations for a given vulnerability.

Security Control Assessment (SCA) quantifies your current mitigation capabilities.
Security Exposure Analysis (SEA) identifies gaps, blind spots, and broken detections.
Together, they provide a complete picture of your security posture — enabling smarter incident readiness and risk-based decisions.

Security Control Assessment (SCA)
Purpose: Measures the presence and effectiveness of existing security controls.
Focus:

What your system can mitigate

Which controls are active and working

Real-world test validation (positive detection)
Result: Risk Mitigation Score (RMS) — a measure of protection effectiveness

Security Exposure Analysis (SEA) (complementary to SCA)
Purpose: Measures the absence, ineffectiveness, or failures of detection and mitigation mechanisms.
Focus:

What your system misses

Broken logic, bypassed controls, or incomplete coverage

Gaps in detection based on threat simulation
Result: Exposure Score or a list of unmitigated threat scenarios

Why do I need to scan my WAF?

From the moment you embed a WAF, you need to start testing the protection itself.

Doing vulnerability assessment with scanning is still good, but it doesn't test the WAF.

Also, vulnerability patching is part of vulnerability assessment – policy.

WAF scan is a tool that helps you manage your policy!

Add / remove / change PEs (protection elements, i.e. policy elements).


What is the value of the scan?

Know your security status

Can you identify CAV with the current policy?

Activating your personnel with attack simulation

Evaluating your process


But I don't have a policy

Then you should consider doing the policy building workshop.

What is the goal and outcome of the workshops?

For policy building: get an understanding of which policy you need and can still sustain.