This chapter will guide you through the process of configuring FAST to detect XSS vulnerabilities in the Google Gruyere application. Upon completion of all necessary steps, you will be ready to proxy an HTTPS baseline request through the FAST node in order to find XSS vulnerabilities.
To generate a security test set, Wallarm FAST requires the following:
- A deployed FAST node, proxying baseline requests
- A connection of the FAST node to the Wallarm cloud
- A baseline request
- A test policy
It is strongly recommended that you create a dedicated policy for each target application under the test. However, you could make use of the default policy that is automatically created by the Wallarm cloud. This document will guide you through the process of creating a dedicated policy, while the default policy is beyond the scope of this guide.
To set the environment for testing, do the following:
The current example uses Google Gruyere as the target application. If you construct the baseline request to your local application, please use the IP address of the machine running this application instead of Google Gruyere address.
To get the IP address, you can use tools like
Provided baseline request is targeted to the Google Gruyere application, you should create a sandboxed instance of the application first. Then you should obtain a unique identifier of the instance.
To do that, navigate to this link. You will be given the identifier of the Google Gruyere instance, which you should copy. Read the terms of service and select the Agree & Start button.
The isolated Google Gruyere instance will be run. It will be made accessible to you by the following address:
https://google-gruyere.appspot.com/<your instance ID>/
Construct the baseline request to your instance of the Google Gruyere application. It is suggested in the guide that you use a legitimate request.
The request is as follows:
https://google-gruyere.appspot.com/<your instance ID>/snippets.gtl?password=paSSw0rd&uid=123
Select the “Test policies” tab and click the Create test policy button.
In the “General” tab set a meaningful name and description for the policy. It is suggested in this guide that you use the name
In the “Insertion points” tab set the baseline request elements that are eligible for processing during the process of security test set requests generation. It is are sufficient for the purposes of this guide to allow the processing of all GET parameters. To allow this, please add the
GET_.*expression in the “Where to include” block. When creating a policy, FAST allows processing of some parameters by default. You can delete them using the «—» symbol.
In the “Attacks to test” tab select one type of attack to exploit the vulnerability in the target application — XSS.
Make sure that the policy preview in the column on the very right looks as follows:
X-Wallarm-Test-Policy: type=xss; insertion=include:'GET_.*';
Select the Save button to save the policy.
Return to the test policy list by selecting the Back to test policies button.
Detailed information about test policies is available by the link.
Now you should have all of the chapter goals completed, with the HTTPS baseline request to the Google Gruyere application and the test policy targeted at XSS vulnerabilities.