The purpose of the WebApplicationFirewall (WAF) is to mitigate vulnerabilities without the need to alter the source code of the WebApplication. A WAF consists of both hardware and software that provide this functionality. In summary, the WAF prevents attacks on the WebApplication.

WebApplicationFirewall and Neighboring Objects

Relation                           Description
WebApplicationFirewall Execution   The WebApplication protected by the WebApplicationFirewall.


The WebApplicationFirewall has exactly one relation: a connection to the WebApplication it protects.

Attack Steps and Defenses

WebApplicationFirewall Attack Steps and Defenses

Attack Step   Description
None          There are no attack steps associated with the WebApplicationFirewall object.

Defenses (each entry lists the defense name, its description, the attack step it affects, and its default value):

BlackBoxTuned
  Black box testing denotes the process of automated testing through scanners or fuzzers without access to the source code. This should decrease the number of false positives as well as false negatives and detect manipulable parameters. This defense denotes whether or not the firewall is tuned using black box testing.
  Effect: Reduces the risk of BypassWAF.
  Default: On

ExpertTuned
  This defense denotes whether or not the firewall has been tuned by an individual with significant experience in the field. An experienced tuner has a better understanding of the threats and how to mitigate them, thus making the firewall more effective.
  Effect: Reduces the risk of BypassWAF.
  Default: Off

Monitored
  Denotes whether or not there is an experienced operator monitoring the Web Application Firewall. This should make it more difficult to perform successful brute-force attacks, as these are detected by the operator.
  Effect: Reduces the risk of BypassWAF.
  Default: Off

TuningEffort
  Considerable effort has to be spent to properly tune the firewall to get the expected detection and prevention capabilities. Furthermore, effort needs to be spent to ensure that the firewall remains effective throughout its lifetime.
  Effect: Reduces the risk of BypassWAF.
  Default: Off