Vulnerability Description Import Wizard

Purpose

You can start this application-specific wizard from the Wizards tab after you have selected an application in the navigation area.

Instead of using the Vulnerability Description Import Wizard, you can also use Vulnerability Management for more advanced configuration.

A source code analysis tool such as CodeSecure (www.armorize.com) can scan your web application for possible vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection. However, it may take some time to implement the fix and to test the fixed web application before you can put it online.

The Vulnerability Description Import Wizard helps you to bridge this gap. The wizard reads the report produced by the analysis tool and creates a set of blacklist rules based on the vulnerable entry points and variables listed in the report.

This provides immediate, interim protection for a vulnerable web application while the fix is being developed.

ATTENTION

The Vulnerability Description Import Wizard was not designed to guarantee long-term protection of vulnerable applications. If analysis revealed attack vectors, fix these problems in the application code as soon as possible. Use the rules created by the Vulnerability Description Import Wizard only for interim protection.

For more information regarding Wizards, see Using Wizards to Configure Applications.

Prerequisites

You must have a vulnerability report file in XML format created by the product CodeSecure to use this wizard.

vWAF must also have access to a current baseline rules file (see Baseline Protection and Configuring and Updating Baseline Protection).

Attributes

The wizard asks for the following attributes:

Document Root

The vulnerability report contains the full file system paths of the affected files. To create rules that match incoming requests, vWAF must remove the part of each path that is not part of the request URL. Therefore, you must specify your document root path here. Paths in the report that are not located under this document root cannot be mapped to a request path.

Example:

On a web server, a web application is stored under the path /company/application1/. The URL to access this web application is www.myapplication1.com.

So you must specify /company/application1/ as your document root.

If, for example, your vulnerability report lists the file /company/application1/forms/form1.html, the document root is stripped and the resulting request path is /forms/form1.html.
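The two steps described above (mapping the file paths in the report to request paths by stripping the document root, and turning the listed entry points and variables into blacklist entries) can be illustrated with the following script. This is an added example, not code from vWAF or CodeSecure: the XML document embedded in it is a constructed stand-in with a hypothetical schema (report/vulnerability/file/parameter), not the real CodeSecure report format, and the (path, parameter, type) rule tuples it produces are an assumption about how a blacklist rule might be represented. It also handles two edge cases the wizard text implies: a document root given with or without a trailing slash, and a file in the report that lies outside the document root (an include file, for example), which cannot be protected by a path-based rule and is therefore reported separately.

```python
"""Derive interim blacklist rules from a vulnerability report.

Illustrative example only: the XML below is a constructed stand-in, not the
real CodeSecure report schema, and the rule tuples are a hypothetical format.
"""
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample report (hypothetical schema, not CodeSecure's own).
# The second path contains a ".." segment and the third file lies outside
# the document root /company/application1/.
SAMPLE_REPORT = """<?xml version="1.0"?>
<report>
  <vulnerability type="XSS">
    <file>/company/application1/forms/form1.html</file>
    <parameter>name</parameter>
  </vulnerability>
  <vulnerability type="SQL Injection">
    <file>/company/application1/search/../search/results.php</file>
    <parameter>q</parameter>
  </vulnerability>
  <vulnerability type="XSS">
    <file>/company/lib/common.inc</file>
    <parameter>title</parameter>
  </vulnerability>
</report>
"""


def to_request_path(file_path, document_root):
    """Strip the document root from a file system path to get the request path.

    Both inputs are normalized first, so a trailing slash on the document root
    or a ".." segment in the file path does not matter. Returns None when the
    file is not under the document root: such a file is not addressable by
    URL and cannot be protected by a path-based rule.
    """
    root = posixpath.normpath(document_root)
    path = posixpath.normpath(file_path)
    if root == "/":
        return path
    if path != root and not path.startswith(root + "/"):
        return None
    return path[len(root):] or "/"


def derive_rules(report_xml, document_root):
    """Return (rules, skipped): rules are (request_path, parameter, type)
    blacklist entries, skipped lists report paths outside the document root."""
    rules = []
    skipped = []
    for vuln in ET.fromstring(report_xml).iter("vulnerability"):
        file_path = vuln.findtext("file")
        request_path = to_request_path(file_path, document_root)
        if request_path is None:
            skipped.append(file_path)
            continue
        rules.append((request_path, vuln.findtext("parameter"), vuln.get("type")))
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = derive_rules(SAMPLE_REPORT, "/company/application1/")
    for request_path, parameter, vuln_type in rules:
        print("deny %-22s parameter=%-6s (%s)" % (request_path, parameter, vuln_type))
    for file_path in skipped:
        print("skipped (outside document root):", file_path)
```

Running the script with the document root /company/application1/ yields rules for /forms/form1.html (parameter name) and /search/results.php (parameter q), and reports /company/lib/common.inc as skipped. In practice a skipped entry is worth a closer look: a finding in an include file usually surfaces through whichever requestable pages include it, and those pages need rules of their own.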

XML File Upload

Here you upload the XML file that contains your vulnerability report.

  1. Click the Browse button and select the file.
  2. Click the Submit File button.
  3. Once the file has been successfully transferred, the message “upload finished” appears underneath the input box.
  4. Click the Next button in the wizard to continue.

Handlers configured by the Vulnerability Description Import Wizard

The Vulnerability Description Import Wizard configures several handlers, including the Invalid Request Handler, based on the vulnerabilities listed in the vulnerability report file and on the corresponding rules given by the baseline rules file.