Security Test: WAF Bypass¶
Description¶
Default Severity:
A WAF bypass happens when attackers find ways to slip malicious traffic past your web application firewall, exploiting weak or misconfigured rules. This sort of issue arises when the WAF isn't thorough enough, often due to overly simplistic filtering that fails to catch cleverly disguised attacks. If attackers can bypass the firewall, they might inject harmful code or access sensitive data, potentially leading to breaches or system compromises. Developers sometimes fall into the trap of thinking the WAF will catch everything, but in reality, robust application security requires deeper checks and validation.
Configuration¶
Identifier:
configuration/waf_bypass
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.13.1 |
| NIST | SP800-41 |
| FedRAMP | SC-7 |
| CWE | 20 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| CVSS Score | 7.5 |