![]() ![]() While testing the OWASP CRS 3 & Comodo WAF rules, I have found some loop hole which allow user to bypass sql injection rules. Start testing the WAF rule i.e Comodo free WAF rules or OWASP CRS rules with vulnerable web application and identifying the security issue in their rules. But when I tried injection payloads with different encoding techniques i.e Base64,urlencoded (any other encoding method that support on application back-end), it failed to detect which lead to all possible injection attack. When i started testing normal injection technique on both OWASP CRS 3 & Comodo WAF Ruleset configured separately with vulnerable app i.e SQLI-LABS, WAF works well. Restart the Apache server and start testing the WAF rules.conf and include in the default rules directory. Follow the modsecurity syntax to write a new rule.Based on that develope regex pattern to match that payload.At first, try to identify the security issue i.e payload or process which normally WAF failed to detect. ![]() How to write Custom WAF rule to block new attacks on web application? In this blog, we will see how to identify flaws in WAF and write our custom waf rules to block new attacks against our vulnerable application. ![]()
0 Comments
Leave a Reply. |