We’ve released a mid-pandemic product that is designed to test production deployed WAF’s by doing exactly what @ranger_cha is describing.
It will run tests that include both known/existing attacks that a WAF should stop and common patterns that all WAF’s should recognize and stop. Separately and clearly, so the use can see the impact of stopping both sets of assessments separately.
https://www.ixiacom.com/products/threat-simulator
The intent of this product is to move out of the realm of lab testing firewalls/WAFs/Load Balancers and into the production network space.
-chuck
From: Dave Aitel via Dailydave dailydave@lists.aitelfoundation.org Reply-To: Dave Aitel dave.aitel@gmail.com Date: Saturday, July 11, 2020 at 12:42 PM To: "dailydave@lists.aitelfoundation.org" dailydave@lists.aitelfoundation.org Subject: [Dailydave] WAF Metrics
[EXTERNAL] So I'm making a video on metrics, of all things, and I wanted to post both this question https://urldefense.com/v3/__https:/twitter.com/daveaitel/status/1281629327776522242?s=20__;!!I5pVk4LIGAfnvw!z6kkVfeJEkYBNKEYbXzCN3lUbXnmBTnoqdbT0yC2ouioivlD5GYxZrzY2Uqfn6Pg$ and the best answer so far to the list to see if anyone had any other ideas or followups.
-dave
[cid:image001.png@01D6591F.53CF2170]
[cid:image002.png@01D6591F.53CF2170]