WAF Evaluation Services

WAF Evaluation Types

Any security product can be evaluated in many ways and with different approaches.

Security evaluation is a unique methodology that consists of

WAF policy scanning is the first …

 

Learn about other types of WAF evaluations.

WAF Testing plans

  • Scanning
  • Testing  – self-service for update, upgrade and ongoing testing
  • Evaluation  – scoring your WAF with a clear, actionable report

WAF Evaluation & testing types

WAF security evaluation must be done on the Common Attack Vectors (CAV) for Web Applications.

Every WAF should be able to protect against the following CAV:

 

Every WAF must have the following protection elements to be able to detect and mitigate WA-CAV:

Detection engines:

  1. Signature – pattern matching
  2. Anomaly – traffic increase
  3. Restrictions –  …
  4. Client interrogations – understand visitor type

WAF Testing plans

Results:

  • Scoring CAV – how good your policy is for each of the common attack vectors
  • Scoring policy – how good the policy is overall, i.e. its fit to the CAV policy
  • Scoring WAF – how good your WAF(s) are at detecting and mitigating CAV

WAF Evaluation & testing types

WAF Evaluation is a unique service that provides visibility into your current security and shows which protection elements can be improved.

WAF Evaluation consists of dedicated test plans for common attack vectors, or can be tailored to the application's threat assessment.

Simplifying WAF security


Security visibility

Know your security level and policy capabilities

Policy optimization

Get the right policy for your needs

Incident readiness

Next attack readiness and mitigation time improvement

  • CAV Scan
  • Automated Traffic scan
  • Site Access Policy evaluations
  • Security incident response evaluation
  • Application Brute force (CS, PS)
  • Application DoS & DDoS
  • Automated CVE hunting
  • Bot & botnet traffic policy
  • Automated Vulnerability Seek n Destroy
  • API attacks
  • Automated Data harvesting and abuse
  • Bot impersonation attack
  • Site Access Policy (SAP)

Web Application Account Take Over

Application Distributed Denial Of Service

Web Application Exploit Hunting

Web Application Malicious Bots Traffic

We Test it all

Any WAF you own, anywhere your WAF is, we are there

All Types

  • WAF
  • Bot Manager
  • WAF NG

All Vendors

  • Commercial
  • Open Source
  • In-house WAF

All Locations

  • On premises
  • Clouds
  • SaaS WAF