Generate ModSecurity Web Application Firewall Rules from Netsparker Scanners

In an ideal world every vulnerability your web application security scanner identifies on your websites would be fixed as soon as possible. Real life is far from ideal, though, and it is not always possible to fix all of the identified vulnerabilities right away. Sometimes you simply need more time to work on a fix while the web application stays live, which leaves it at risk of being hacked.

Whatever the case, you can cover the identified vulnerabilities until they are fixed: the Netsparker scanners can export their findings as rules for the ModSecurity web application firewall. Even while the web application is still vulnerable, malicious hackers cannot exploit it because the ModSecurity WAF blocks their requests.

This article explains how you can export the vulnerabilities that Netsparker Desktop and the Netsparker Cloud online web application security scanner identify in a web application as rules for the ModSecurity web application firewall.

How Can I Export the Netsparker Desktop Scan Results as ModSecurity WAF Rules?

In Netsparker Desktop it is possible to either export the information about a single vulnerability as a ModSecurity rule or export information about all the vulnerabilities identified during the scan.

To export the information about a single vulnerability, select the vulnerability and then choose ModSecurity from the Generate WAF Rules button, as shown in the screenshot below.

Exporting the details of a single vulnerability as a ModSecurity WAF rule

To export all the vulnerabilities as ModSecurity web application firewall rules, click the Reporting drop-down menu and select ModSecurity WAF Rules.

Exporting the Netsparker Desktop scan results as ModSecurity WAF rules

How can I Generate ModSecurity WAF Rules from Netsparker Cloud Scan Results?

In Netsparker Cloud you can also export the information about the identified vulnerabilities as rules for the ModSecurity web application firewall. To export the information, navigate to the scan report and select ModSecurity WAF Rules from the Export options, as highlighted in the screenshot below.

Exporting the vulnerability scan as ModSecurity WAF rules

Note: In Netsparker Cloud you can only export a whole scan; it is not possible to export a single vulnerability. Should you wish to import the rule for a single vulnerability only, you can manually edit the exported ModSecurity configuration file.

What Type of ModSecurity Rules Can Netsparker Scanners Export?

The export from Netsparker scanners can include three types of ModSecurity rules:

  1. Deny access to a URL with a vulnerable parameter,
  2. Deny access to a URL that can be attacked with a payload,
  3. Deny access to an exact URL.

The Netsparker scanners automatically choose the rule type that fits each vulnerability; you do not have to configure anything manually.
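To make the three rule types concrete, here is an added example of what such virtual-patch rules look like in ModSecurity's SecRule language. This is hand-written illustration, not the actual output of the Netsparker export: the paths (/product.php, /search.php, /backup/db.sql), the parameter names (id, q), the rule IDs 100001 to 100003 and the XSS-style payload pattern are all constructed for the example.

```apache
# Added example, not Netsparker's actual export. All paths, parameter names,
# rule IDs and the payload pattern below are constructed for illustration.

# Type 1: deny any request to /product.php that carries the vulnerable "id"
# parameter (for instance a SQL injection finding). Requests to the same URL
# without that parameter are still allowed. "&ARGS:id" counts how many "id"
# arguments the request contains, so "@gt 0" matches when it is present.
SecRule REQUEST_FILENAME "@streq /product.php" \
    "id:100001,phase:2,deny,status:403,log,msg:'Virtual patch: vulnerable parameter id on /product.php',chain"
    SecRule &ARGS:id "@gt 0" "t:none"

# Type 2: deny requests to /search.php only when the "q" parameter carries the
# kind of payload the scanner used (an assumed XSS-style tag here), so that
# legitimate searches keep working. The transformations decode URL and HTML
# entity encodings before the pattern is checked.
SecRule REQUEST_FILENAME "@streq /search.php" \
    "id:100002,phase:2,deny,status:403,log,msg:'Virtual patch: payload in parameter q on /search.php',chain"
    SecRule ARGS:q "@rx (?i)<\s*script" "t:none,t:urlDecodeUni,t:htmlEntityDecode"

# Type 3: deny every request to an exact URL, such as an exposed backup file.
# REQUEST_FILENAME is the path without the query string, so appending
# "?anything" does not bypass the rule.
SecRule REQUEST_FILENAME "@streq /backup/db.sql" \
    "id:100003,phase:1,deny,status:403,log,msg:'Virtual patch: blocked exact URL /backup/db.sql'"
```

In practice you would save the exported rules to a file that ModSecurity loads (for example with an `Include` directive in its configuration; the path is your choice), run `apachectl configtest` before reloading the web server, and confirm in the audit log that a blocked request is attributed to the expected rule ID. Rule types 1 and 2 can interfere with legitimate traffic when the parameter is also used by normal users, so testing the new rules with `SecRuleEngine DetectionOnly` before switching to `On` is a sensible first step. If you only want the rule for a single vulnerability from a Netsparker Cloud export, keep just that finding's `SecRule` line together with its chained line and delete the rest.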

Which Vulnerability Types Can Be Exported as ModSecurity Rules?

Not all vulnerabilities can be covered by blocking access to a specific URL with a web application firewall, so not all vulnerabilities can be exported as ModSecurity rules. For example, security flaws related to HTTP cookies, sensitive comments in source code, application source code disclosure and other similar findings are not exported.
