How do I tell if I'm using a "WASC 1.0" or "WASC 2.0" WAF signature types?


Anthony Alarcon

Question

This is probably a stupid question, but I'm not too terribly proficient with Citrix ADC WAF. My question is: how do I tell if I'm using WASC 1.0 or WASC 2.0 signatures?

I ask because we had a cybersecurity firm run a series of penetration tests on a number of our public-facing applications. They came up with a bunch of items that need to be fixed. A bunch of the minor- and medium-risk findings were remedied with some rewrite policies, cleaning up weak ciphers, securing NetScaler cookies, and setting the "Secure" and "HttpOnly" flags on server response cookies.

The one major issue they found is that there are no "anti-automation" protections in place. Their suggestion was to make sure we have WAF protection (I did not have the lb vservers bound to any WAF policies at the time of penetration testing). Well, I've got WAF protection now for the apps, but I'm wondering if that's enough. I can't find any documentation locally about any "anti-automation" protection.

But then I found this article: https://docs.citrix.com/en-us/citrix-adc/12-1/application-firewall/appendixes/signatures-whitehat.html

It states that the "WASC 2.0 signature types" can counter the "anti-automation" vulnerabilities. But I have no idea what to look for, unfortunately, because I'm not that well versed in Citrix ADC WAF. Will invest in some training when I get free time.

I am also not sure if I should put a set of rate limiters on the vulnerable vservers. (Another thing I don't know much about but intend to investigate.)

Firmware is 12.1

Common security checks that are set to block are "Buffer Overflow", "Credit Card", "HTML Cross-Site Scripting", and "HTML SQL Injection".

WAF Signature is 102
