Skip to content

Configuration: WAF Bypass

Identifier: waf_bypass

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

A WAF bypass happens when attackers find ways to slip malicious traffic past your web application firewall, exploiting weak or misconfigured rules. This sort of issue arises when the WAF isn't thorough enough, often due to overly simplistic filtering that fails to catch cleverly disguised attacks. If attackers can bypass the firewall, they might inject harmful code or access sensitive data, potentially leading to breaches or system compromises. Developers sometimes fall into the trap of thinking the WAF will catch everything, but in reality, robust application security requires deeper checks and validation.

Configuration

Example

Example configuration:

---
security_tests:
  waf_bypass:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.