How to Export the Netsparker Web Vulnerability Scan Results as Web Application Firewall Rules

This article explains how you can export the list of vulnerabilities that Netsparker Desktop or Netsparker Cloud identified during a web vulnerability scan and import them as rules in your web application firewall. Since at the moment you can only export ModSecurity rules directly from the Netsparker scanners, this exercise uses ThreadFix as the intermediary.

This means that you can export the Netsparker scan results and import them as web application firewall rules into any type and brand of firewall that ThreadFix supports. In this example we will export the Netsparker scan results to an Imperva SecureSphere WAF.

Export the Vulnerability List in XML Format

Once the scan is ready, you can export the list of identified vulnerabilities in XML format. In Netsparker Desktop you can do so by selecting Vulnerabilities List (XML) from the Reporting drop down menu and saving the file, as shown in the below screenshot.

Export the vulnerability list in XML format from Netsparker Desktop

If you are using Netsparker Cloud, when viewing the scan results click the Export button in the top right corner of the screen and click XML next to Vulnerabilities List, as shown in the below screenshot.

Export the vulnerabilities list in XML format from Netsparker Cloud

Import the Vulnerability List in ThreadFix

Note: In order to import the list of vulnerabilities into ThreadFix and associate them with a web application, so that you can then export them as WAF rules, you should have an application associated with a team. For more information on setting up ThreadFix please refer to the ThreadFix Getting Started guide.

  1. Log in to ThreadFix.
  2. Navigate to the web application which you have just scanned in ThreadFix and click Upload Scan.

Upload vulnerability list to ThreadFix

  3. Specify the path of the XML file and import the vulnerabilities.

Export the Vulnerability List from ThreadFix as Imperva WAF Rules

1. Add / Configure Imperva WAF in ThreadFix

First you have to add the Imperva firewall in ThreadFix. To do so click WAFs from the Settings drop down menu shown in the below screenshot.

Adding a WAF to ThreadFix

Click Create WAF and specify a name for the WAF and the type of WAF, in this case select Imperva SecureSphere as shown in the below screenshot.

Configure the WAF in ThreadFix

Click Create WAF when ready.

2. Associate WAF With the Web Application

Once the Imperva WAF is successfully added to ThreadFix, you have to associate it to the web application in question. To do so navigate to the web application in ThreadFix and select Edit/Delete from the Action drop down menu, as shown in the below screenshot.

Open the application settings in ThreadFix

Click the Set WAF button in the application's settings (shown in the below screenshot) and choose the Imperva web application firewall you created in the previous step. Click Add WAF and then Save.

Associate a WAF to a web application in ThreadFix

Once ready click Save Changes to save the application's settings and the association.

3. Export the Rules to Your Imperva WAF

Once the web application firewall is associated with your web application, navigate to the WAFs page by selecting WAFs from the Settings drop down menu (as per step 1 of this procedure). Click the Rules button highlighted in the below screenshot to see the generated web application firewall rules. Click Download WAF Rules to export the generated rules into a text file.

See the Imperva WAF rules in ThreadFix
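The upload and download steps above can also be driven from ThreadFix's REST API, which is useful when scans run on a schedule. The following is an added example, not Netsparker's or ThreadFix's own code; it assumes the ThreadFix 2.x REST API conventions (an `apiKey` query parameter, a `{success, message, object}` JSON envelope, and the `/rest/applications/{appId}/upload` and `/rest/wafs/{wafId}/rules/app/{appId}` endpoints), and the `transport` parameter is a hypothetical hook so the HTTP calls can be stubbed out offline.

```python
import json
import uuid
from urllib.parse import urlencode
from urllib.request import Request, urlopen


def _call(base_url, api_key, path, transport, data=None, content_type=None):
    """GET (or POST when data is given) a ThreadFix REST path and unwrap the reply.
    Assumption: ThreadFix 2.x takes the key as ?apiKey= and answers with
    {"success": bool, "message": str, "object": ...}. Because the key rides in
    the query string, base_url must be https:// or it will sit in proxy logs."""
    url = f"{base_url.rstrip('/')}/rest{path}?{urlencode({'apiKey': api_key})}"
    req = Request(url, data=data, method="POST" if data is not None else "GET")
    if content_type:
        req.add_header("Content-Type", content_type)
    reply = json.loads(transport(req))
    if not reply.get("success"):
        raise RuntimeError(f"ThreadFix rejected {path}: {reply.get('message')}")
    return reply.get("object")


def _multipart(field, filename, payload):
    """Build a multipart/form-data body by hand so only the stdlib is needed."""
    boundary = uuid.uuid4().hex
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="{field}"; '
            f'filename="{filename}"\r\nContent-Type: text/xml\r\n\r\n').encode()
    return head + payload + f"\r\n--{boundary}--\r\n".encode(), \
        f"multipart/form-data; boundary={boundary}"


def _http(req):
    """Default transport: perform the request and return the raw body bytes."""
    return urlopen(req).read()


def upload_scan(base_url, api_key, app_id, xml_bytes, transport=_http):
    """'Upload Scan' step: POST /rest/applications/{appId}/upload (assumed endpoint).
    Returns the scan object ThreadFix created, or raises if the import failed."""
    body, ctype = _multipart("file", "netsparker-vulnerabilities.xml", xml_bytes)
    return _call(base_url, api_key, f"/applications/{app_id}/upload",
                 transport, body, ctype)


def download_waf_rules(base_url, api_key, waf_id, app_id, transport=_http):
    """'Download WAF Rules' step: GET /rest/wafs/{wafId}/rules/app/{appId}
    (assumed endpoint); the object field carries the generated rule text."""
    return _call(base_url, api_key, f"/wafs/{waf_id}/rules/app/{app_id}", transport)
```

Check the `success` flag on every reply rather than the HTTP status alone: ThreadFix reports a rejected scan file (wrong format, unknown application) inside the JSON envelope.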
