Dailydave mailing list archives

Re: [EXTERNAL] WAF Metrics

From: Rafal Los via Dailydave <dailydave () lists aitelfoundation org>
Date: Mon, 13 Jul 2020 14:46:00 +0000

John,
Can you expand on #2? How do you measure the number of attacks stifled?

_--
Rafal
_Mobile: (404) 606-6056
_Email: Rafal.Los@Seventy7.Consulting<mailto:Rafal.Los@Seventy7.Consulting>


From: John Lampe via Dailydave <dailydave () lists aitelfoundation org>
Reply-To: John Lampe <jlampe () tenable com>
Date: Saturday, July 11, 2020 at 9:52 PM
To: Dave Aitel <dave.aitel () gmail com>
Cc: "dailydave () lists aitelfoundation org" <dailydave () lists aitelfoundation org>
Subject: [Dailydave] Re: [EXTERNAL] WAF Metrics

So, I recently did an integration for a company that took their web app scanner results and mapped those to existing 
WAF rules. I can think of 2 metrics based off that

1) How many real-world vulns have a corresponding check in the WAF? and
2) Once the WAF rules have been put in place to protect actually-vulnerable endpoints, how many attacks were actually 
stifled?

John


On Sat, Jul 11, 2020 at 12:51 PM Dave Aitel via Dailydave <dailydave () lists aitelfoundation org<mailto:dailydave () 
lists aitelfoundation org>> wrote:
*** CAUTION: This email was sent from an EXTERNAL source. Think before clicking links or opening attachments. ***

________________________________
So I'm making a video on metrics, of all things, and I wanted to post both this question 
<https://twitter.com/daveaitel/status/1281629327776522242?s=20> and the best answer so far to the list to see if anyone 
had any other ideas or followups.

-dave


[cid:image001.png@01D65902.CB3B5C00]

[cid:image002.png@01D65902.CB3B5C00]
_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org<mailto:dailydave () lists aitelfoundation org>
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org<mailto:dailydave-leave () lists 
aitelfoundation org>

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org

Current thread:

WAF Metrics Dave Aitel via Dailydave (Jul 11)
- Re: [EXTERNAL] WAF Metrics John Lampe via Dailydave (Jul 11)
  - Re: [EXTERNAL] WAF Metrics Rafal Los via Dailydave (Jul 13)
    - Re: [EXTERNAL] WAF Metrics John Lampe via Dailydave (Jul 13)
    - Re: [EXTERNAL] WAF Metrics Chuck McAuley via Dailydave (Jul 15)
    - Re: [EXTERNAL] WAF Metrics Don Ankney via Dailydave (Jul 15)
    - Re: [EXTERNAL] WAF Metrics Greg Frazier via Dailydave (Jul 17)
    - Re: [EXTERNAL] WAF Metrics Chuck McAuley via Dailydave (Jul 17)
- Re: WAF Metrics Moses Frost via Dailydave (Jul 11)
- Re: WAF Metrics Chuck McAuley via Dailydave (Jul 13)