The purpose of the WebApplicationFirewall (WAF) is to mitigate vulnerabilities without the need to alter the source code of the WebApplication. A WAF consists of both hardware and software that together provide this functionality. In summary, the purpose of the WAF is to prevent attacks on the WebApplication.
|Relation|Association|Description|
|---|---|---|
|WebApplication|Firewall Execution|The WebApplication protected by the WebApplicationFirewall.|
The WebApplicationFirewall has a single relation: its connection to the WebApplication.
Attack Steps and Defenses
|Attack step|Description|
|---|---|
|None|There are no attack steps associated with the WebApplicationFirewall object.|
|Defense|Description|Effect|Default|
|---|---|---|---|
|BlackBoxTuned|Black box testing denotes the process of automated testing through scanners or fuzzers without access to the source code. Tuning the firewall with such tests should decrease the number of false positives as well as false negatives and detect manipulable parameters. This defense denotes whether or not the firewall has been tuned using black box testing.|Reduces the risk of BypassWAF.|On|
|Enabled|Denotes whether or not the WebApplicationFirewall is active.|Reduces the risk of all BypassWAF attack steps.|On|
|ExpertTuned|This defense denotes whether or not the firewall has been tuned by an individual with significant experience in the field. An experienced tuner has a better understanding of the threats and how to mitigate them, thus making the firewall more effective.|Reduces the risk of BypassWAF.|Off|
|Monitored|Denotes whether or not there is an experienced operator monitoring the WebApplicationFirewall. This should make it more difficult to perform successful brute-force attacks, as these are detected by the operator.|Reduces the risk of BypassWAF.|Off|
|TuningEffort|Considerable effort has to be spent to properly tune the firewall in order to obtain the expected detection and prevention capabilities. Further effort is needed to ensure that the firewall remains effective throughout its lifetime.|Reduces the risk of BypassWAF.|Off|