
Exporting Scan Results as Web Application Firewall Rules

This topic explains how you can export the list of vulnerabilities that Netsparker Standard or Netsparker Enterprise identified during a web vulnerability scan and import them as rules in your web application firewall. Since at the moment you can only export ModSecurity firewall rules directly from the Netsparker scanners (see Generating ModSecurity Web Application Firewall Rules from Netsparker), this exercise illustrates the process using ThreadFix.

This means that you can export Netsparker scan results and import them as web application firewall rules to any type and brand of firewall that is supported by ThreadFix.

In this example, we will export the Netsparker scan results to an Imperva SecureSphere WAF.

How to Export the Vulnerability List in XML Format in Netsparker Enterprise

  1. Open Netsparker Enterprise.
  2. From the main menu, select Scan, then Recent Scans. The Recent Scans window is displayed.
  3. Next to the relevant scan, click Report. The Executive Summary window is displayed.
  4. Click Export. The Export Report dialog is displayed.
  5. From the Report dropdown, select Vulnerabilities List.
  6. The Format dropdown will automatically be set to XML.
  7. Click Export.

How to Export the Vulnerability List in XML Format in Netsparker Standard

Once the scan is ready, you can export the list of identified vulnerabilities in XML format.

  1. Open Netsparker Standard.
  2. In the ribbon, select the Reporting tab.
  3. In the Lists section, click Vulnerabilities List (XML). The Export Report dialog and the Save Report As dialog are displayed.
  4. In the Save Report As dialog, select where you want to save the Vulnerabilities List, and click Save.
  5. The Export Report dialog is displayed. The Path field is already populated from the previous step.
  6. Click Save.

How to Import the Vulnerability List in ThreadFix

To import the list of vulnerabilities into ThreadFix and associate them with a web application (so that you can later export them as WAF rules), you need an application that is associated with a team.

For further information on setting up ThreadFix, see ThreadFix Getting Started Guide.

  1. Log in to ThreadFix.
  2. Navigate to the web application that you have just scanned.

[Screenshot: Upload vulnerability list to ThreadFix]

  3. Click Upload Scan.
  4. Specify the path of the XML file and import the vulnerabilities.

How to Export the Vulnerability List from ThreadFix as Imperva WAF Rules

First you have to add or configure the Imperva firewall in ThreadFix.

  1. From the Settings dropdown, select WAFs.

[Screenshot: Adding a WAF to ThreadFix]

  2. Click Create WAF. The Create New WAF window is displayed.
  3. In the Name field, enter a name for the WAF.
  4. From the Type field, select the WAF type (in this case, Imperva SecureSphere).
  5. Click Create WAF.

Once the Imperva WAF is successfully added to ThreadFix, you have to associate it to the web application in question.

  1. Navigate to the web application in ThreadFix.
  2. From the Action dropdown, select Edit/Delete.

[Screenshot: Open the application settings in ThreadFix]

  3. From the application's settings, click Set WAF.
  4. Select the Imperva web application firewall you created in the previous step.
  5. Click Add Waf and Save.

[Screenshot: Associate a WAF to a web application in ThreadFix]

  6. Click Save Changes to save the application's settings and the association.

Once the web application firewall is associated with your web application, you can export the rules to your Imperva WAF.

  1. From the Settings dropdown, select WAFs to open the WAFs page.

[Screenshot: See the Imperva WAF rules in ThreadFix]

  2. Click Rules to view the generated web application firewall rules.
  3. Click Download WAF Rules to export the generated rules into a text file.
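The following added example (not Netsparker's or ThreadFix's own code) shows what the "scan findings to WAF rules" translation performed above looks like in principle: every finding that is bound to an injectable parameter becomes a narrowly scoped virtual-patch rule for that URL and parameter, and findings with nothing to block per request (such as a missing response header) produce no rule. The XML schema in `SAMPLE_XML` is constructed for this example and is not Netsparker's real Vulnerabilities List format; the `PATCHABLE` patterns are deliberately simple illustrations, and the output uses standard ModSecurity `SecRule` syntax because that is the one rule format the page says Netsparker can emit directly.

```python
"""Added example (not Netsparker's or ThreadFix's own code).

Turns a list of scan findings into ModSecurity-style virtual-patch rules,
each scoped to the affected URL path and request parameter. The XML schema
below is CONSTRUCTED for this example and is not the real Netsparker
Vulnerabilities List format.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample export in a hypothetical schema (not Netsparker's).
SAMPLE_XML = """<?xml version="1.0"?>
<vulnerabilities>
  <vulnerability type="SqlInjection" severity="Critical">
    <url>http://shop.example.test/product.php?id=1</url>
    <parameter name="id" type="Query"/>
  </vulnerability>
  <vulnerability type="Xss" severity="High">
    <url>http://shop.example.test/search</url>
    <parameter name="q" type="Query"/>
  </vulnerability>
  <vulnerability type="MissingXFrameOptionsHeader" severity="Low">
    <url>http://shop.example.test/</url>
  </vulnerability>
</vulnerabilities>
"""

# Finding types this example knows how to virtually patch, each with an
# illustrative (deliberately simple) input pattern. A real WAF integration
# would use its own, much more careful, signature catalogue.
PATCHABLE = {
    "SqlInjection": ("SQL metacharacters", r"'|;|--|/\*"),
    "Xss": ("HTML tag start", r"<[a-zA-Z/!]"),
}


def parse_findings(xml_text):
    """Return one dict per finding: type, severity, URL path and parameter."""
    findings = []
    for v in ET.fromstring(xml_text).findall("vulnerability"):
        param = v.find("parameter")
        findings.append({
            "type": v.get("type"),
            "severity": v.get("severity"),
            "path": urlparse(v.findtext("url")).path,
            "param": param.get("name") if param is not None else None,
        })
    return findings


def build_rules(findings, first_id=900100):
    """Map patchable, parameter-bound findings to rule specs; skip the rest."""
    rules = []
    for f in findings:
        if f["type"] not in PATCHABLE or not f["param"]:
            continue  # e.g. a missing header: nothing to block per request
        label, pattern = PATCHABLE[f["type"]]
        rules.append({
            "id": first_id + len(rules),
            "path": f["path"],
            "param": f["param"],
            "pattern": pattern,
            "msg": f"Virtual patch ({f['type']}): {label} in {f['param']}",
        })
    return rules


def render_modsec(rule):
    """Render one spec as a chained ModSecurity rule: path match, then parameter match."""
    return (
        f'SecRule REQUEST_FILENAME "@streq {rule["path"]}" '
        f'"id:{rule["id"]},phase:2,deny,status:403,log,chain,msg:\'{rule["msg"]}\'"\n'
        f'    SecRule ARGS:{rule["param"]} "@rx {rule["pattern"]}" "t:none,t:urlDecodeUni"'
    )


def would_block(rule, path, args):
    """Offline check of the rule's logic: both parts of the chain must match."""
    if path != rule["path"]:
        return False
    value = args.get(rule["param"], "")
    return re.search(rule["pattern"], value) is not None


if __name__ == "__main__":
    for rule in build_rules(parse_findings(SAMPLE_XML)):
        print(render_modsec(rule))
        print()
```

The scoping is the point worth noticing: a rule generated from a finding applies only to the one path and parameter the scanner flagged, so a false positive in the pattern cannot take down unrelated parts of the application, and the rule id range (starting at 900100 here, an arbitrary choice) should be reserved so regenerated rules do not collide with your hand-written ones.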
