Dailydave mailing list archives
Re: [EXTERNAL] WAF Metrics
From: John Lampe via Dailydave <dailydave () lists aitelfoundation org>
Date: Mon, 13 Jul 2020 18:11:10 -0400
Yeah, I guess the way I would envision it going would be:

1) web app scanner sees XSS vuln on /path/to/foo.php
2) my integration ties that web app scan into a format to pass to WAF
3) WAF sets up anti-xss rules on /path/to/foo.php (we had to actually create a static mapping for this step)
4) measure how many hits the waf blocks to that endpoint for the XSS

John

On Mon, Jul 13, 2020 at 10:46 AM Rafal Los <Rafal () ishackingyou com> wrote:
**** CAUTION: This email was sent from an EXTERNAL source. Think before clicking links or opening attachments. ****
------------------------------
John,

Can you expand on #2? How do you measure the number of attacks stifled?

--
Rafal
Mobile: (404) 606-6056
Email: Rafal.Los@Seventy7.Consulting

From: John Lampe via Dailydave <dailydave () lists aitelfoundation org>
Reply-To: John Lampe <jlampe () tenable com>
Date: Saturday, July 11, 2020 at 9:52 PM
To: Dave Aitel <dave.aitel () gmail com>
Cc: "dailydave () lists aitelfoundation org" <dailydave () lists aitelfoundation org>
Subject: [Dailydave] Re: [EXTERNAL] WAF Metrics

So, I recently did an integration for a company that took their web app scanner results and mapped those to existing WAF rules. I can think of 2 metrics based off that:

1) How many real-world vulns have a corresponding check in the WAF? and
2) Once the WAF rules have been put in place to protect actually-vulnerable endpoints, how many attacks were actually stifled?

John

On Sat, Jul 11, 2020 at 12:51 PM Dave Aitel via Dailydave <dailydave () lists aitelfoundation org> wrote:

------------------------------
So I'm making a video on metrics, of all things, and I wanted to post both this question <https://twitter.com/daveaitel/status/1281629327776522242?s=20> and the best answer so far to the list to see if anyone had any other ideas or followups.

-dave
_______________________________________________ Dailydave mailing list -- dailydave () lists aitelfoundation org To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
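The four-step loop John describes (scanner finds a vuln on a path, integration maps it to a WAF rule, WAF enforces on that path, count what the WAF blocks there) and the two metrics from his Jul 11 message, worked through as an added example in Python. This is not code from the thread, from Tenable, or from any WAF product. It assumes a constructed scanner-output shape (`path` plus `vuln` class), a hypothetical static mapping from vulnerability class to WAF rule id, and a constructed key=value block-log format; real scanners and WAFs differ, but the computation is the same.

```python
"""Added example: compute the two WAF metrics from the thread.

Metric 1: how many scanner findings have a corresponding WAF check (coverage).
Metric 2: how many hits the WAF blocked on endpoints the scanner showed to be
          actually vulnerable (attacks stifled), counted per (path, rule).
Scanner output, rule ids, and log format are all constructed for this example.
"""
import re
from collections import Counter

# Hypothetical static mapping: scanner vuln class -> WAF rule id.
# Real WAF rule ids are product-specific; these are placeholders.
VULN_TO_WAF_RULE = {
    "xss": "WAF-XSS-001",
    "sqli": "WAF-SQLI-001",
}

# Constructed scanner findings (not real scan data).
SCAN_FINDINGS = [
    {"path": "/path/to/foo.php", "vuln": "xss"},
    {"path": "/search", "vuln": "sqli"},
    {"path": "/upload", "vuln": "xxe"},  # no WAF check exists in the mapping
]

# Constructed WAF block log; one record per request, key=value fields.
WAF_LOG = """\
2020-07-13T18:01:02Z action=block rule=WAF-XSS-001 path=/path/to/foo.php src=198.51.100.7
2020-07-13T18:01:05Z action=block rule=WAF-XSS-001 path=/path/to/foo.php src=198.51.100.9
2020-07-13T18:02:11Z action=pass rule=- path=/path/to/foo.php src=203.0.113.4
2020-07-13T18:03:40Z action=block rule=WAF-SQLI-001 path=/search src=198.51.100.7
2020-07-13T18:04:00Z action=block rule=WAF-XSS-001 path=/other src=198.51.100.7
"""

LOG_RE = re.compile(
    r"action=(?P<action>\w+) rule=(?P<rule>\S+) path=(?P<path>\S+) src=(?P<src>\S+)"
)


def build_waf_policy(findings, mapping=VULN_TO_WAF_RULE):
    """Step 2/3: turn findings into per-endpoint WAF rules via the static mapping.

    Returns (rules, uncovered): rules is the list of (path, rule_id) pairs the
    WAF can enforce; uncovered lists findings with no corresponding WAF check.
    """
    rules, uncovered = [], []
    for f in findings:
        rule_id = mapping.get(f["vuln"])
        if rule_id is None:
            uncovered.append(f)
        else:
            rules.append({"path": f["path"], "rule_id": rule_id, "vuln": f["vuln"]})
    return rules, uncovered


def coverage_ratio(findings, mapping=VULN_TO_WAF_RULE):
    """Metric 1: fraction of real-world findings that have a WAF check."""
    if not findings:
        return 0.0
    rules, _ = build_waf_policy(findings, mapping)
    return len(rules) / len(findings)


def blocked_per_endpoint(log_text, rules, exclude_src=frozenset()):
    """Metric 2 (step 4): count blocks only where the blocking rule protects a
    scanner-confirmed vulnerable endpoint. Blocks on other paths, and passes,
    are ignored. exclude_src drops traffic from your own scanner so test
    requests are not counted as attacks stifled."""
    protected = {(r["path"], r["rule_id"]) for r in rules}
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] != "block" or m["src"] in exclude_src:
            continue
        key = (m["path"], m["rule"])
        if key in protected:
            counts[key] += 1
    return dict(counts)


def metrics(findings=SCAN_FINDINGS, log_text=WAF_LOG, exclude_src=frozenset()):
    """Both metrics in one report."""
    rules, uncovered = build_waf_policy(findings)
    return {
        "findings": len(findings),
        "covered_by_waf": len(rules),
        "coverage_ratio": coverage_ratio(findings),
        "uncovered_paths": [f["path"] for f in uncovered],
        "blocked": blocked_per_endpoint(log_text, rules, exclude_src),
    }


if __name__ == "__main__":
    for k, v in metrics().items():
        print(f"{k}: {v}")
```

The `/other` log line is there on purpose: a block on an endpoint the scanner never flagged is not evidence the WAF stifled a real attack, so it is excluded from metric 2. Passing `exclude_src={"198.51.100.7"}` (the scanner's own address in this constructed data) shows the other easy way to inflate the number: your own re-scans will be blocked by the rules you just deployed.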
Current thread:
- WAF Metrics Dave Aitel via Dailydave (Jul 11)
- Re: [EXTERNAL] WAF Metrics John Lampe via Dailydave (Jul 11)
- Re: [EXTERNAL] WAF Metrics Rafal Los via Dailydave (Jul 13)
- Re: [EXTERNAL] WAF Metrics John Lampe via Dailydave (Jul 13)
- Re: [EXTERNAL] WAF Metrics Chuck McAuley via Dailydave (Jul 15)
- Re: [EXTERNAL] WAF Metrics Don Ankney via Dailydave (Jul 15)
- Re: [EXTERNAL] WAF Metrics Greg Frazier via Dailydave (Jul 17)
- Re: [EXTERNAL] WAF Metrics Chuck McAuley via Dailydave (Jul 17)
- Re: [EXTERNAL] WAF Metrics Rafal Los via Dailydave (Jul 13)
- Re: [EXTERNAL] WAF Metrics John Lampe via Dailydave (Jul 11)