Yeah, I guess the way I would envision it going would be:
1) web app scanner sees XSS vuln on /path/to/foo.php
2) my integration ties that web app scan into a format to pass to WAF
3) WAF sets up anti-XSS rules on /path/to/foo.php (we had to actually create a static mapping for this step)
4) measure how many hits the WAF blocks to that endpoint for the XSS
John
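One way to compute the two metrics John describes (how many scanner findings have a corresponding WAF rule, and how many hits the WAF then blocks on the actually-vulnerable endpoints), as an added example that is not part of the thread: the scanner findings, the static vuln-class-to-rule mapping, the log format and all rule names below are constructed assumptions.

```python
# Added example, not from the thread: the two WAF metrics discussed above,
# computed from constructed scanner findings, a constructed static mapping of
# vuln class -> WAF rule, and constructed WAF log lines. All names are hypothetical.
import re
from collections import Counter

# Constructed scanner output: (endpoint, vulnerability class)
SCAN_FINDINGS = [
    ("/path/to/foo.php", "xss"),
    ("/path/to/bar.php", "sqli"),
    ("/api/upload", "path_traversal"),
    ("/search", "xss"),
]

# Constructed static mapping (the "static mapping" step in the thread).
# A vuln class with no entry here is a coverage gap for metric 1.
RULE_MAP = {"xss": "RULE-XSS-01", "sqli": "RULE-SQLI-01"}

# Constructed WAF log; a real log would be parsed the same way.
WAF_LOG = """\
2020-07-13T10:01:02Z action=block rule=RULE-XSS-01 path=/path/to/foo.php src=203.0.113.5
2020-07-13T10:01:09Z action=block rule=RULE-XSS-01 path=/path/to/foo.php src=203.0.113.7
2020-07-13T10:02:11Z action=pass rule=- path=/path/to/foo.php src=198.51.100.2
2020-07-13T10:03:45Z action=block rule=RULE-SQLI-01 path=/path/to/bar.php src=203.0.113.9
2020-07-13T10:04:00Z action=block rule=RULE-XSS-01 path=/search src=203.0.113.5
2020-07-13T10:05:30Z action=block rule=RULE-XSS-01 path=/other.php src=203.0.113.5
"""
LOG_RE = re.compile(r"action=(\S+) rule=(\S+) path=(\S+)")

def build_rule_plan(findings, rule_map):
    """Metric 1 input: (endpoint, rule) pairs the scan justifies, plus the gaps."""
    planned = {(ep, rule_map[vc]) for ep, vc in findings if vc in rule_map}
    gaps = [(ep, vc) for ep, vc in findings if vc not in rule_map]
    return planned, gaps

def coverage_ratio(findings, rule_map):
    """Metric 1: share of real-world findings that have a corresponding WAF rule."""
    planned, _ = build_rule_plan(findings, rule_map)
    return len(planned) / len(findings) if findings else 0.0

def blocked_per_finding(findings, rule_map, log_text):
    """Metric 2: blocked hits per (endpoint, rule) pair from the plan.
    Blocks on endpoints the scanner never flagged are not counted."""
    planned, _ = build_rule_plan(findings, rule_map)
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(1) == "block" and (m.group(3), m.group(2)) in planned:
            hits[(m.group(3), m.group(2))] += 1
    return hits
```

Blocks on `/other.php` are dropped because the scanner never flagged it, which keeps metric 2 tied to the actually-vulnerable endpoints as the thread describes.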
On Mon, Jul 13, 2020 at 10:46 AM Rafal Los Rafal@ishackingyou.com wrote:
John,
Can you expand on #2? How do you measure the number of attacks stifled?
-- Rafal
Mobile: (404) 606-6056
Email: Rafal.Los@Seventy7.Consulting
From: John Lampe via Dailydave dailydave@lists.aitelfoundation.org
Reply-To: John Lampe jlampe@tenable.com
Date: Saturday, July 11, 2020 at 9:52 PM
To: Dave Aitel dave.aitel@gmail.com
Cc: "dailydave@lists.aitelfoundation.org" <dailydave@lists.aitelfoundation.org>
Subject: [Dailydave] Re: [EXTERNAL] WAF Metrics
So, I recently did an integration for a company that took their web app scanner results and mapped those to existing WAF rules. I can think of 2 metrics based off that:
1) How many real-world vulns have a corresponding check in the WAF? and
2) Once the WAF rules have been put in place to protect actually-vulnerable endpoints, how many attacks were actually stifled?
John
On Sat, Jul 11, 2020 at 12:51 PM Dave Aitel via Dailydave <dailydave@lists.aitelfoundation.org> wrote:
So I'm making a video on metrics, of all things, and I wanted to post both this question https://twitter.com/daveaitel/status/1281629327776522242?s=20 and the best answer so far to the list to see if anyone had any other ideas or followups.
-dave