
How to Test Web Application Firewall

A WAF, or Web Application Firewall, adds an extra layer of security in front of an existing website. But it is a mistake to rely on the WAF alone for site protection. A solid security foundation in your own coding practices is what keeps the site secure; the WAF's role is to act as a safety net for bugs that go undetected or that are introduced along with new code.

So it is equally important to have an efficient method for testing the WAF. Normally you will already have a website running and a WAF placed in front of it to guard against attackers. Your job is to identify your main adversaries and threats, the surrounding infrastructure, which hosts are whitelisted, and the kind of traffic that is sent to your website. When you first install the WAF there are many possible initial configurations, and these can be tedious as you slowly learn which URLs or parameters to add to the firewall's policy.

The usual way to "test" the firewall is to let it "learn" from the web traffic and then run a series of tests such as automated scans, manual buffer overflows and forceful browsing. While this method is simple, it is ineffective: testing only whether the WAF can stop attacks is like test-driving a car with just the ignition on. Ideally, the process looks like this. First, run a penetration test against the specific application without the WAF in front of it. Second, deploy the firewall in its default configuration and check which of those attacks still get through. Third, use these results to adjust or configure the firewall so that it prevents them. Finally, once the configuration is done, verify whether any attacks are still penetrating the WAF.

This method is far more effective because it checks how the application actually benefits from having the firewall in front of it. It also gives the firewall the opportunity to be tuned to the application's real weaknesses, and you do not simply test protection against canned attacks run by opportunistic attackers; you also test its ability to prevent logical attacks.
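The four steps above produce two result sets per test case (direct to the origin, and through the WAF) that have to be compared, and a tuning change has to be checked for regressions. The harness below is an added example, not code from the original article: it classifies each case, then reports what got worse after reconfiguration. The vulnerability marker, the 403 block status and the stand-in transports are assumptions standing in for a real HTTP client and real pentest evidence.

```python
from collections import namedtuple
from typing import Dict, List

Response = namedtuple("Response", "status body")  # what the harness sees per request
Case = namedtuple("Case", "name path legitimate", defaults=[False])  # legitimate=True: real traffic

# Hypothetical marker the test deployment of the app echoes when a probe reached
# vulnerable code; a real run would use the pentest's own evidence instead.
VULN_MARKER = "PROBE-REACHED-APP"
BLOCK_STATUS = 403   # assumed: the WAF answers blocked requests with 403

def verdict(origin: Response, waf: Response, case: Case) -> str:
    """Classify one case from its direct-to-origin and through-WAF results."""
    exploitable = VULN_MARKER in origin.body
    blocked = waf.status == BLOCK_STATUS
    if case.legitimate and blocked:
        return "false-positive"   # tuning is now breaking real traffic
    if exploitable and blocked:
        return "mitigated"        # safety net works; still fix the code
    if exploitable:
        return "penetrates"       # tune the WAF, or fix the application
    return "clean"

def run_matrix(cases, origin, waf) -> Dict[str, str]:
    """origin/waf are callables path -> Response (direct vs through the WAF)."""
    return {c.name: verdict(origin(c.path), waf(c.path), c) for c in cases}

def tuning_regressions(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Cases whose verdict got worse after the WAF was reconfigured."""
    worse = {"mitigated": "penetrates", "clean": "false-positive"}
    return [n for n, v in before.items() if after.get(n) == worse.get(v)]

# Constructed stand-ins for a real HTTP client: the origin echoes the marker for
# both probes; the default WAF policy only stops the oversized parameter.
def fake_origin(path: str) -> Response:
    hit = path.startswith("/not-linked") or len(path) > 200
    return Response(200, VULN_MARKER if hit else "ok")

def waf_default(path: str) -> Response:
    return Response(403, "") if len(path) > 200 else fake_origin(path)

def waf_tuned(path: str) -> Response:   # tightened rule also matches "report"
    blocked = path.startswith("/not-linked") or len(path) > 200 or "report" in path
    return Response(403, "") if blocked else fake_origin(path)

CASES = [Case("forceful-browsing", "/not-linked/"),
         Case("oversized-param", "/search?q=" + "A" * 300),
         Case("legit-report", "/account/report", legitimate=True)]

if __name__ == "__main__":
    print(tuning_regressions(run_matrix(CASES, fake_origin, waf_default), run_matrix(CASES, fake_origin, waf_tuned)))
```

In this constructed run the tuned policy closes the forceful-browsing gap but starts blocking a legitimate report page, which is exactly the kind of regression the final verification step is meant to catch.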
