Imperva Cyber Community


WAF in combination with VulnScanTool

  • 1.  WAF in combination with VulnScanTool

    Posted 01-07-2020 07:24
    Hi there,

    I am a user within a firm that uses Incapsula and there is some lack of clarity around the following:

    Incapsula protects our site from the OWASP Top 10, like SQL injection, XSS, etc.
    We are using VulnScanTool to scan our website for vulnerabilities, and our website is protected by Incapsula.

    - Does this mean that the scan VulnScanTool is executing never reaches my website?
    - Because Incapsula captures those requests coming from VulnScanTool?

    Can you please clarify this for me? 

    Thank you in advance! 
    Os
    #CloudWAF (formerly Incapsula)

    ------------------------------
    osm okumu
    I am grateful for your knowledge and time
    ------------------------------


  • 2.  RE: WAF in combination with VulnScanTool

    Imperva Employee
    Posted 01-07-2020 07:39

    Hi Osm,
    Assuming that the site is fully configured, meaning all site traffic is directed to and passing through our service, and the WAF policies are set to block, then yes, Vulnscan requests will be captured and won't reach your server.

    I hope this helps.

    Regards,



    ------------------------------
    Ziv Leyes
    Senior Technical Account Manager
    Imperva


    "Thou shalt not covet
    thy neighbor's WiFi"
    ------------------------------



  • 3.  RE: WAF in combination with VulnScanTool

    Posted 01-07-2020 07:59
    Hey Ziv! 

    Thank you for your quick reply.

    Let's say VulnScanTool is whitelisted on the WAF;
    does the WAF allow the scans from VulnScanTool?
    The parameters from VulnScanTool are seen as malicious, like SQL injections.

    Looking forward to your email. 

    Regards 
    Osman 


  • 4.  RE: WAF in combination with VulnScanTool

    Imperva Employee
    Posted 01-07-2020 08:06
    Hi Osm,
    It depends at what level the Vulnscan is whitelisted, but in general, if it's configured as an exception allowing its traffic, we won't be inspecting the request and it will reach your server.

    I hope it makes sense.

    Cheers,

    ------------------------------
    Ziv Leyes
    Senior Technical Account Manager
    Imperva


    "Thou shalt not covet
    thy neighbor's WiFi"
    ------------------------------



  • 5.  RE: WAF in combination with VulnScanTool

    Imperva Employee
    Posted 01-07-2020 08:34
    Hi,

    Yes, Incapsula will not allow any request coming from the vulnscanner tool.

    If you want to allow it, you have to whitelist it for those sites where the scanner will initiate traffic.


    Regards,
    Sangita


  • 6.  RE: WAF in combination with VulnScanTool

    Imperva Employee
    Posted 01-08-2020 13:20
    Hi Os.  I think that (temporarily) whitelisting the IP of the scanner could work for you.

    However, I would encourage you to have a higher level discussion as to the purpose of the scan.  Do you want to know all the potential problems in the software?  Or do you want to know about potential vulnerabilities in your environment as a whole?

    Usually the scanner vendors tell you to turn off your protection so that they can generate a longer report.  However, ask the question, "If we managed to find a vulnerability in the site, but CloudWAF protected it, would we really dedicate significant resources to fixing it?"  

    Maybe you would if you are focused on secure coding practices, or if the code may be deployed in other places without a WAF.  However, in these cases, most customers will run their tests in a dedicated testing environment.

    Most of the time, the organization is really concerned about what vulnerabilities you may have that CloudWAF ISN'T blocking. (default passwords, bad application logic, etc.)

    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------
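As an added illustration (not code from this thread, from Imperva, or from any scanner vendor), the following Python model shows the two decisions discussed in posts 4 and 6: an allowlisted scanner source is not inspected and reaches the origin, a time-boxed allowlist entry limits how long that bypass lasts, and replaying a scan's findings with no allowlist separates what the WAF already blocks from what it does not. The IP addresses, site names, signature patterns and scanner findings are constructed for the example and stand in for real policy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed signatures standing in for the WAF's SQLi and XSS policies.
RULES = {
    "sqli": re.compile(r"(%27|')\s*(or|and)\s+\S+\s*=\s*\S+|union\s+select", re.I),
    "xss": re.compile(r"<script\b|javascript:", re.I),
}

@dataclass
class AllowEntry:
    ip: str
    site: str
    expires: datetime  # time-box the exception, as post 6 suggests

@dataclass
class Request:
    src_ip: str
    site: str
    query: str

def evaluate(req, allowlist, now):
    """Return ('bypass'|'block'|'allow', matched_rule_or_None).
    bypass: allowlisted source, NOT inspected, reaches the origin (post 4).
    block:  a policy signature matched and the request is dropped.
    allow:  inspected, nothing matched, forwarded to the origin."""
    for e in allowlist:
        if e.ip == req.src_ip and e.site == req.site and now < e.expires:
            return ("bypass", None)
    for name, pattern in RULES.items():
        if pattern.search(req.query):
            return ("block", name)
    return ("allow", None)

def unblocked_findings(findings, site):
    """Replay scanner payloads with no allowlist in place. Findings whose
    payload the WAF forwards are the ones post 6 says deserve the attention
    (default credentials, broken logic); the rest the WAF already stops."""
    return [name for name, payload in findings.items()
            if evaluate(Request("198.51.100.9", site, payload), [], datetime(2020, 1, 7))[0] == "allow"]

if __name__ == "__main__":
    now = datetime(2020, 1, 7, 8, 0)
    scan = Request("198.51.100.9", "www.example.com", "id=1' or 1=1")
    print(evaluate(scan, [], now))  # ('block', 'sqli')
    temp = [AllowEntry("198.51.100.9", "www.example.com", now + timedelta(hours=2))]
    print(evaluate(scan, temp, now))  # ('bypass', None)
    print(evaluate(scan, temp, now + timedelta(days=1)))  # ('block', 'sqli'), entry expired
```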