Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 4458 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF rule list

YujinWon

Hello All, 

I am looking for a list of SG WAF.
I want that the rule list need to include detail info, risk level, remediation and other related useful information.

I tried to find out this information from GitHub, modsecurity.org and others but I couldn’t find.

It would be much appreciated if anyone can help me.

Thanks, 



This thread was automatically locked due to age.
Parents
  • 0

    I have read somewhere in this forum that most of their rules are based on guidelines from owasp.org.

    I just try to use as many rules as I can make work, never tried to score them against a theoretical model.   The big frustration is that WAF configuration is trial and error, rather than being as transparent and simple as web filtering.   Form hardening and cookie hardening have been great disappointments.

Reply
  • 0

    I have read somewhere in this forum that most of their rules are based on guidelines from owasp.org.

    I just try to use as many rules as I can make work, never tried to score them against a theoretical model.   The big frustration is that WAF configuration is trial and error, rather than being as transparent and simple as web filtering.   Form hardening and cookie hardening have been great disappointments.

Children
No Data