A WAF is the ultimate security solution for detecting and mitigating attacks against web applications. With proper configuration and a solid process, most web application attacks can be prevented.
Web Application Firewall Evaluation
Security Controls Assessment (SCA)
How good is your security?
WAF Security Testing
Visibility – Feedback loop
Plan 1
Visibility – a triggering test: sending different types of exploits and evasions.
Goal – generating hits on your policy so that you can see them and we can see them. Vulnerability hunting simulations.
Typically full weapons – a generic test.
Value: confirms it is working, so we can continue testing; gives a general score of the security.
Report: % of blocking – anything above
Follow up – demo
Risk Mitigation Level
Security Production Life Cycle (SPLC)
WAF Policy Testing
A WAF scan provides a clear picture of your current policy's strengths and weaknesses. Understanding the security level your policy delivers is critical to successful detection and mitigation of common web application attack vectors.
Get your WAF ready for the next automated attack!
WAF testing improves your overall security:
Focusing on fast mitigation for known attacks – the vital few policy rules.
Refining the WAF policy to reduce the overhead of managing false positives.
Customizing the policy to your needs and to the security effort you can sustain.
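The visibility test described in Plan 1 (send a mix of attack-style and benign requests, count the policy hits, report the percentage blocked) and the false-positive overhead mentioned in the list above, as an added Python example that is not part of the original page or of any vendor's product. The three regex rules, the request corpus and the scoring function are all constructed for illustration; a real WAF normalises requests far more thoroughly than the two-pass URL decode used here.

```python
import re
from urllib.parse import unquote_plus

# Illustrative WAF policy (an assumption for this example, not any vendor's rule set):
# rule name -> regex evaluated against the normalised request text.
POLICY = {
    "sqli-tautology": re.compile(r"\b(or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed test corpus: (request line plus body, is_attack label).
# Attack-style entries stand in for the "exploits and evasions" of the visibility
# test; benign entries are there to measure false positives.
TEST_CASES = [
    ("GET /search?q=shoes", False),
    ("GET /profile?id=42", False),
    ("POST /comments body=Is+1+=+1+or+2+=+2?", False),      # benign text that looks like SQL
    ("GET /search?q=1'+OR+'1'='1", True),
    ("GET /?q=%3Cscript%3Ealert(1)%3C/script%3E", True),     # single URL encoding
    ("GET /download?file=%252e%252e%2Fetc%2Fpasswd", True),  # double URL encoding evasion
    ("GET /search?q=1+OR+1+LIKE+1", True),                   # slips past the '='-based rule
]


def normalise(raw: str) -> str:
    """Decode URL encoding twice so a single level of double encoding is still seen."""
    return unquote_plus(unquote_plus(raw))


def matched_rules(request: str, policy=POLICY) -> list:
    """Names of the policy rules that fire on one request (empty list = allowed)."""
    text = normalise(request)
    return [name for name, rx in policy.items() if rx.search(text)]


def score_policy(cases=TEST_CASES, policy=POLICY) -> dict:
    """Run the corpus through the policy and produce the 'Report' figures:
    % of attacks blocked, % of benign traffic wrongly blocked, and the
    individual misses / false positives for follow-up tuning."""
    attacks = [r for r, is_attack in cases if is_attack]
    benign = [r for r, is_attack in cases if not is_attack]
    blocked = [r for r in attacks if matched_rules(r, policy)]
    missed = [r for r in attacks if not matched_rules(r, policy)]
    false_pos = [r for r in benign if matched_rules(r, policy)]
    return {
        "block_rate_pct": round(100 * len(blocked) / len(attacks), 1) if attacks else 0.0,
        "false_positive_pct": round(100 * len(false_pos) / len(benign), 1) if benign else 0.0,
        "missed": missed,
        "false_positives": false_pos,
        "hits": {r: matched_rules(r, policy) for r in blocked + false_pos},
    }


if __name__ == "__main__":
    report = score_policy()
    print(f"blocked {report['block_rate_pct']}% of attacks, "
          f"{report['false_positive_pct']}% false positives on benign traffic")
    for r in report["missed"]:
        print("MISSED:", r)
    for r in report["false_positives"]:
        print("FALSE POSITIVE:", r)
```

On this corpus the policy blocks 75% of the attack cases and wrongly blocks one of three benign requests; the missed `LIKE` variant and the false positive on the comment body are exactly the "weaknesses" and "false-positive overhead" the follow-up tuning step is meant to address.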
WAF Policy Testing
Testing for detection of common attack vectors is the minimum WAF requirement; it should reflect the security value your WAF delivers on any web application.
- App Brute Force (popular)
- App DoS/DDoS
- Vulnerability Hunting
- Bot/BotNet
Any WAF Testing
No matter which WAF type you run and where it resides, our unique WAF-everywhere testing methodology has all the right test plans.
- RCE:
- Signatures
- Resections
- RFC