PaulDotCom mailing list archives
Re: [Security Weekly] Audit a WAF
From: Chris Campbell <chris () ctcampbell com>
Date: Tue, 8 Apr 2014 15:56:21 +0100
Are you auditing the WAF and all the associated issues (logging, alerting, signature updates, policy updates etc.) or are you auditing the WAF policy and the application coverage that it provides? If it's the latter, and the WAF policy is black box, then I like to see a vuln. assessment done with and without WAF coverage to see what the difference is. If the policy is available to you then you should be looking for whitelist/blacklist holes; examples are where wildcards are used or where there is no input validation or the wrong type/length checks in the case of whitelist, or where signature sets aren't enabled in the case of blacklist. If it's the former then standard IPS-like procedures should be in place for updates, logging etc., so I would focus on areas where the operational teams may not have skills or defined procedures.

Chris.
On 7 Apr 2014, at 19:27, RAMELLA Sébastien <sebastien.ramella () white-hats fr> wrote:

> Hello,
>
> I read several articles about WAFs, mainly methods of bypass. Several papers caught my attention; one referred to a fuzzer-like tool called "Waffun". I would like to assess the WAF through a company internal project. Can anyone share this tool, or just point me to tips, similar tools ... or best practices for evaluating a WAF?
>
> Thanks in advance.
>
> RAMELLA Sébastien
> Systems and network integrator / IS security consultant
> Microsoft Certified System Administrator
> __________________________________________
>
> _______________________________________________
> securityweekly mailing list
> securityweekly () mail securityweekly com
> http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
> Main Web Site: http://pauldotcom.com
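As an added example (not code from this thread or from any WAF product), the policy review Chris describes expressed as a small Python linter over a hypothetical JSON-style policy: it flags wildcard paths and parameter names, parameters with no validation at all, catch-all types or regexes, string parameters without a length cap, and signature sets that are not enabled. A second helper diffs vulnerability-assessment results taken with and without the WAF, for the black-box case. The policy format, its field names and the sample values are all constructed for this example.

```python
"""Static checks for a WAF policy: whitelist holes and disabled blacklist
signature sets. The policy schema below is hypothetical (constructed for this
example); map your vendor's export onto it before use."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Regexes that accept anything are wildcards in disguise (constructed list).
CATCH_ALL_PATTERNS = {".*", "^.*$", "(.*)", ".+", "^.+$", "[\\s\\S]*"}
# Types that carry attacker-controlled strings and therefore need a length cap.
STRING_TYPES = {"string", "alnum", "regex", "email"}


@dataclass(frozen=True)
class Finding:
    severity: str
    location: str
    message: str


def _is_catch_all(pattern: str) -> bool:
    """True if the regex fully matches a long string full of metacharacters,
    i.e. it constrains nothing. Unparseable patterns are left to other checks."""
    if pattern in CATCH_ALL_PATTERNS:
        return True
    try:
        rx = re.compile(pattern)
    except re.error:
        return False
    probe = "A" * 2000 + "\x00\x1f<>'\";/\\"  # constructed junk, no newline
    return rx.fullmatch(probe) is not None


def audit_whitelist(policy: dict) -> list[Finding]:
    """Whitelist side: wildcards, missing validation, missing type/length checks."""
    findings: list[Finding] = []
    for path, params in policy.get("parameters", {}).items():
        if "*" in path:
            findings.append(Finding("high", path, "wildcard in protected path"))
        for name, rule in params.items():
            loc = f"{path}?{name}"
            if name == "*":
                findings.append(Finding("high", loc, "wildcard parameter name"))
            if not rule:
                findings.append(Finding("high", loc, "no input validation"))
                continue
            ptype = rule.get("type", "any")
            if ptype == "any":
                findings.append(Finding("high", loc, "type 'any' accepts everything"))
            if ptype == "regex" and _is_catch_all(rule.get("pattern", ".*")):
                findings.append(Finding("high", loc, "catch-all regex"))
            if ptype in STRING_TYPES and "max_length" not in rule:
                findings.append(Finding("medium", loc, "no length check"))
    return findings


def audit_blacklist(policy: dict) -> list[Finding]:
    """Blacklist side: signature sets that are present but not enabled."""
    return [Finding("medium", f"signature_sets/{name}", "signature set disabled")
            for name, cfg in policy.get("signature_sets", {}).items()
            if not cfg.get("enabled", False)]


def coverage_gap(without_waf: set[str], with_waf: set[str]) -> dict[str, set[str]]:
    """Black-box case: diff finding ids from scans run with and without the WAF."""
    return {
        "blocked": without_waf - with_waf,           # WAF stopped these
        "still_reachable": with_waf & without_waf,   # WAF adds nothing here
        "new_with_waf": with_waf - without_waf,      # introduced by the WAF itself
    }


# Constructed sample policy exercising every check above.
SAMPLE_POLICY = {
    "parameters": {
        "/login": {
            "username": {"type": "alnum", "max_length": 64},
            "password": {"type": "any"},
            "redirect": {},
        },
        "/search": {
            "q": {"type": "regex", "pattern": ".*"},
            "page": {"type": "int"},
        },
        "/api/*": {"*": {"type": "any"}},
    },
    "signature_sets": {
        "sqli": {"enabled": True},
        "xss": {"enabled": False},
        "lfi": {"enabled": False},
    },
}

if __name__ == "__main__":
    for f in audit_whitelist(SAMPLE_POLICY) + audit_blacklist(SAMPLE_POLICY):
        print(f"[{f.severity}] {f.location}: {f.message}")
    print(coverage_gap({"SQLi-1", "XSS-2", "LFI-3"}, {"XSS-2", "DoS-4"}))
```

The linter is deliberately conservative: it only reports what is structurally visible in the policy, so a parameter typed as `alnum` that should really be an integer will pass; that "wrong type" class of hole still needs a reviewer comparing the policy against the application's actual inputs.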
Current thread:
- [Security Weekly] Audit a WAF RAMELLA Sébastien (Apr 07)
- Re: [Security Weekly] Audit a WAF David Maynor (Apr 08)
- Re: [Security Weekly] Audit a WAF TAS (Apr 08)
- Re: [Security Weekly] Audit a WAF Chris Campbell (Apr 08)
- Re: [Security Weekly] Audit a WAF RAMELLA Sébastien (Apr 08)