WAF Identifier Security Check

Selman Genc - Wed, 19 Feb 2020 -

Invicti web application security scanners use many security checks to detect vulnerabilities in a scan. The Invicti Standard 5.6 January 2020 Update introduced a new WAF Identifier security check that is enabled by default.

In the Netsparker Standard 5.6 January 2020 Update, we introduced a new security check, the WAF Identifier Security Check. This new feature scans the application to determine whether there is a Web Application Firewall (WAF) enabled on the target website. If your target website has an enabled WAF, this would both block Netsparker attacks that are conducted during scans and overall reduce the coverage of the scan. The WAF Identifier security check is enabled by default. How it works is as follows. If Netsparker begins scanning and detects an enabled WAF, it displays a notification.

At that point, you can do one of two things. You can either stop the scan and disable the WAF, then start a new scan. Or, you can simply dismiss the warning. For further information, see Security Checks and WAF Identifier Security Check. For further information on other features in the latest release, see Netsparker Standard 5.6 – January 2019 Update.

WAF Identifier Security Check

Related Articles

SQL Injection Cheat Sheet

HTTP security headers: An easy way to harden your web applications

How you can disable directory listing on your web server – and why you should

JSON injection