PaulDotCom mailing list archives

Re: [Security Weekly] Audit a WAF


From: TAS <p0wnsauc3 () gmail com>
Date: Tue, 8 Apr 2014 11:49:27 +0530

Hi,

Quick things that come to my mind are:

1. Read the manual of the WAF you are reviewing. It will give you a
hint of what that model offers and what your area of focus should be
when reviewing the WAF.
2. Check what mode the WAF is running in: is it blocking or inline mode?
3. What policies are configured on the WAF?
4. Check whether they have made any custom policies.
5. Check what kind of alerts there are on the WAF.
6. Check how monitoring is done for the WAF.
7. Check how the alerts are processed.
8. Check how frequently the vendor releases signatures for new attacks
and how frequently they are updated.
9. The rest can be reviewed around logging, administration
of the device, user access rights review, etc.

Point 1 is really the key.

Hope that helps.

-
TAS
http://twitter.com/p0wnsauc3
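Points 2 and 8 of the checklist above (which mode the WAF is in, and how well its signatures cover current attacks) are the ones you can partly verify from the outside by probing. The following is an added example, not code from the original thread, from TAS, or from any WAF vendor: a small offline audit harness that sends a benign baseline request plus a set of attack probes (plain, URL-encoded, double-URL-encoded) through an injectable transport and reports which ones the WAF blocked. Both "WAFs" it runs against are constructed stand-ins for this example: one matches plaintext signatures on the raw query string, the other URL-decodes first. The probe strings, signature list and status-code conventions are assumptions for illustration, not a recommended or complete test set.

```python
"""Offline WAF audit harness (added example; simulated WAFs, not real products)."""
import urllib.parse
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# A transport takes (path, raw_query_string) and returns (status_code, body).
# Status 0 is used here, by convention, for a dropped/reset connection.
Transport = Callable[[str, str], Tuple[int, str]]
BLOCK_STATUSES = {0, 403, 406, 429}


@dataclass
class Probe:
    name: str
    category: str
    param: str
    value: str


def base_probes() -> List[Probe]:
    """Constructed probe set: one textbook payload per class plus one obfuscated SQLi."""
    return [
        Probe("sqli-plain", "sqli", "id", "1' OR '1'='1"),
        Probe("sqli-comment", "sqli", "id", "1'/**/OR/**/1=1--"),
        Probe("xss-plain", "xss", "q", "<script>alert(1)</script>"),
        Probe("xss-event", "xss", "q", "<img src=x onerror=alert(1)>"),
        Probe("traversal-plain", "traversal", "file", "../../etc/passwd"),
        Probe("cmdi-plain", "cmdi", "host", "127.0.0.1;id"),
    ]


def with_encodings(probes: List[Probe]) -> List[Probe]:
    """Add URL-encoded and double-URL-encoded variants of each probe.

    The "plain" variant is put on the wire unencoded on purpose, which a normal
    HTTP client library would not do by default; the point is to see what the
    WAF does with each representation of the same payload.
    """
    out: List[Probe] = []
    for p in probes:
        once = urllib.parse.quote(p.value, safe="")
        twice = urllib.parse.quote(once, safe="")
        out.append(p)
        out.append(Probe(p.name + "-urlenc", p.category, p.param, once))
        out.append(Probe(p.name + "-dblenc", p.category, p.param, twice))
    return out


def run_audit(transport: Transport, probes: List[Probe], path: str = "/search") -> Dict[str, dict]:
    """Send every probe and record whether the WAF blocked it.

    A probe counts as blocked when the response is a typical WAF block status,
    or when it is a 4xx/5xx that differs from the benign baseline's status.
    Only the WAF's own alert log can tell "passed and alerted" (monitor mode)
    from "passed silently", so pair this output with that log.
    """
    baseline_status, _ = transport(path, "q=hello")
    results: Dict[str, dict] = {}
    for p in probes:
        status, _ = transport(path, f"{p.param}={p.value}")
        blocked = status in BLOCK_STATUSES or (status != baseline_status and status >= 400)
        results[p.name] = {"category": p.category, "status": status, "blocked": blocked}
    return results


def coverage(results: Dict[str, dict]) -> Dict[str, Tuple[int, int]]:
    """Return {category: (probes_sent, probes_blocked)} to spot encoding gaps per class."""
    cov: Dict[str, Tuple[int, int]] = {}
    for r in results.values():
        sent, blocked = cov.get(r["category"], (0, 0))
        cov[r["category"]] = (sent + 1, blocked + int(r["blocked"]))
    return cov


# Constructed signature list for the simulated WAFs below (assumption, not a vendor ruleset).
NAIVE_SIGNATURES = ["' or '", "or 1=1", "<script", "onerror=", "../", ";id"]


def simulated_naive_waf(path: str, query: str) -> Tuple[int, str]:
    """Stand-in for a blocking-mode WAF that matches plaintext signatures on the raw query."""
    q = query.lower()
    if any(sig in q for sig in NAIVE_SIGNATURES):
        return 403, "blocked by WAF"
    return 200, "ok"


def simulated_normalising_waf(path: str, query: str) -> Tuple[int, str]:
    """Same signatures, but URL-decodes (bounded) until stable before matching."""
    q = query
    for _ in range(3):
        decoded = urllib.parse.unquote(q)
        if decoded == q:
            break
        q = decoded
    return simulated_naive_waf(path, q)


if __name__ == "__main__":
    probes = with_encodings(base_probes())
    for label, waf in (("naive", simulated_naive_waf), ("normalising", simulated_normalising_waf)):
        res = run_audit(waf, probes)
        print(f"== {label} WAF: {sum(r['blocked'] for r in res.values())}/{len(res)} probes blocked")
        for cat, (sent, blk) in sorted(coverage(res).items()):
            print(f"  {cat:10s} {blk}/{sent}")
        for name, r in res.items():
            if not r["blocked"]:
                print(f"  passed: {name} (HTTP {r['status']})")
```

Against the naive stand-in only the six plain probes that contain a literal signature are caught and every encoded variant passes; the decoding stand-in closes the encoding gap but still misses the comment-obfuscated SQLi, which is exactly the kind of finding the checklist's point 8 (signature freshness and quality) should turn into a question for the vendor. To run it against a real target, replace the simulated transport with one that issues the request (and confirm you are authorised to do so).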


On 7 April 2014 23:57, RAMELLA Sébastien
<sebastien.ramella () white-hats fr> wrote:
Hello,
I have read several articles about WAFs, mainly about bypass methods.
Several papers caught my attention; they referred to a fuzzer-like tool called "Waffun".

I would like to assess the WAF through a company internal project.

Can anyone share this tool, or just give me tips, similar tools ... or best practices for evaluating a WAF?
Thanks in advance.

RAMELLA Sébastien
Systems and network integrator / IS security consultant
Microsoft Certified System Administrator
__________________________________________



_______________________________________________
securityweekly mailing list
securityweekly () mail securityweekly com
http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
Main Web Site: http://pauldotcom.com