
Web application firewalls (WAF)

Veracode works with you to build custom rules for web application firewalls (WAF). You can use these rules to block potential attacks based on the results of your Dynamic Analysis scans.

Veracode helps you create rules for each severity level of flaw found in your application's scan details. WAF rules let your application-layer firewall automatically mitigate vulnerabilities as soon as they are detected. Web application firewalls are a common part of the web application security landscape. A core challenge when using a WAF is configuring its rules correctly; a firewall is only as good as its rules. Veracode assists you in creating rules for either Imperva or ModSecurity.

To interact with other users of these integrations, visit the Community forum.

Imperva

The following Imperva integrations are available:

  • Veracode for Imperva enables you to generate a text file of rules for the vulnerabilities that Veracode Dynamic Analysis discovered in your applications. You import the rules into the Imperva SecureSphere management console, then use the console to convert and upload the rules to the WAF.
  • Imperva RASP SelfTune is a Java command-line utility you can use to mitigate vulnerabilities in web applications and APIs. You can integrate SelfTune into various automation frameworks, and it does not require specific RASP, security, or development skills. Imperva develops and supports Imperva RASP SelfTune. For information or support, contact Imperva support.

Imperva is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Generate Imperva WAF rules

You use the Veracode Platform to create Imperva rules that you can upload to your WAF.

These rules are neither guaranteed nor designed to fix every vulnerability that Veracode discovered. Veracode recommends a defense-in-depth strategy, which may also require code-level remediation.

To complete this task:

  1. In the Veracode Platform, select My Portfolio > Applications.
  2. Locate an application with a completed Dynamic Analysis scan.
  3. In the Scan Status column, click Dynamic Scan to open the Application page.
  4. In the left pane, under Completed, click WAF Integration.
  5. Select Imperva from the Format dropdown menu.
  6. To generate a text file of Imperva rules, select Generate.
  7. Upload the rules text file to your WAF.
  8. Run a Dynamic Analysis to verify the effectiveness of the WAF rules.

ModSecurity

Veracode for ModSecurity enables you to equip your WAF with ModSecurity rules that attempt to block vulnerabilities that Veracode Dynamic Analysis discovered in your applications.

Integration type: Partner

Generate ModSecurity WAF rules

You use the Veracode Platform to create ModSecurity rules that you can upload to your WAF.

These rules are neither guaranteed nor designed to fix every vulnerability that Veracode discovered. Veracode recommends a defense-in-depth strategy, which may also require code-level remediation.

To complete this task:

  1. In the Veracode Platform, select My Portfolio > Applications.
  2. Locate an application with a completed Dynamic Analysis scan.
  3. In the Scan Status column, click Dynamic Scan to open the Application page.
  4. In the left pane, under Completed, click WAF Integration.
  5. Select ModSecurity from the Format dropdown menu.
  6. Enter the ID for the first rule. Every ModSecurity rule has a numeric identifier (ID). The First Rule ID field sets the ID of the first rule Veracode writes to the rules file; each successive issue gets the next ID. Choose a starting ID so that the generated range does not conflict with IDs already in use on your WAF.
  7. Select the severity of the security rules from the dropdown menu. The default is 4 - Warning.
  8. To generate a text file of ModSecurity rules, select Generate.
  9. Upload this rules text file to your WAF.
  10. Run a Dynamic Analysis to verify the effectiveness of the WAF rules.
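The ID-conflict check that step 6 calls for can be automated before you upload the generated file. The following script is an added example, not Veracode's or ModSecurity's own code; the rule lines in it are constructed samples (the real Veracode-generated file format is not shown on this page), and the function names are assumptions.

```python
import re

# ModSecurity rules declare their ID in the action list of a SecRule or
# SecAction directive as "id:<number>"; chained continuation lines carry none.
ID_RE = re.compile(r'^\s*Sec(?:Rule|Action)\b.*?\bid:(\d+)', re.MULTILINE)

# Constructed sample of rules already deployed on the WAF (not a real rule set).
EXISTING_RULES = r'''
SecRule REQUEST_URI "@beginsWith /admin" "id:100001,phase:1,deny,severity:2,msg:'block admin'"
SecRule ARGS:q "@rx <script" "id:100002,phase:2,deny,severity:4,msg:'xss probe'"
'''

# Constructed stand-in for a generated rules file with First Rule ID 100002,
# incrementing once per discovered issue; severity 4 is the default "Warning".
GENERATED_RULES = r'''
SecRule ARGS:id "@rx (?i:union\s+select)" "id:100002,phase:2,deny,severity:4,msg:'Veracode: SQL injection on /item'"
SecRule ARGS:name "@rx <" "id:100003,phase:2,deny,severity:4,msg:'Veracode: XSS on /profile'"
'''


def extract_rule_ids(rules_text):
    """Return the set of numeric rule IDs declared in a ModSecurity config."""
    return {int(m) for m in ID_RE.findall(rules_text)}


def find_id_conflicts(existing_text, generated_text):
    """IDs that the generated file reuses from rules already deployed (sorted)."""
    return sorted(extract_rule_ids(existing_text) & extract_rule_ids(generated_text))


def suggest_first_rule_id(existing_ids, rule_count, start=100000):
    """Smallest value >= start whose contiguous block of rule_count IDs is unused.

    This is a safe value to enter in the First Rule ID field for a file that
    will contain rule_count rules.
    """
    candidate = start
    while True:
        window = range(candidate, candidate + rule_count)
        collisions = [i for i in window if i in existing_ids]
        if not collisions:
            return candidate
        # Skip past the highest colliding ID in this window and try again.
        candidate = max(collisions) + 1


if __name__ == "__main__":
    deployed = extract_rule_ids(EXISTING_RULES)
    print("conflicting IDs:", find_id_conflicts(EXISTING_RULES, GENERATED_RULES))
    print("safe First Rule ID:", suggest_first_rule_id(deployed, 2, start=100001))
```

Run it against the concatenation of your real ModSecurity configuration and the downloaded rules file; a non-empty conflict list means you should regenerate with the suggested First Rule ID.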