Setting the environment for testing

This chapter will guide you through the process of configuring FAST to detect XSS vulnerabilities in the Google Gruyere application. Upon completion of all necessary steps, you will be ready to proxy an HTTPS baseline request through the FAST node in order to find XSS vulnerabilities.

To generate a security test set, Wallarm FAST requires the following:

  • A deployed FAST node, proxying baseline requests
  • A connection of the FAST node to the Wallarm cloud
  • A baseline request
  • A test policy

You have successfully deployed a FAST node and connected it to the cloud in the previous chapter. In this chapter you will focus on creating a testing policy and a baseline request.

The test scheme in use

A test policy describes the rules for finding vulnerabilities in the baseline requests to the target application. In particular, the policy specifies which kinds of vulnerabilities FAST will try to exploit and which parameters in HTTP or HTTPS requests may be modified and which may not. FAST uses this knowledge to modify the baseline request while trying to exploit the selected vulnerability classes.

Creating a test policy

It is strongly recommended that you create a dedicated policy for each target application under test. You could also use the default policy that the Wallarm cloud creates automatically; however, this document only guides you through creating a dedicated policy, and the default policy is beyond its scope.


To set the environment for testing, do the following:

  1. Prepare the baseline request
  2. Create the test policy targeted at XSS vulnerabilities

1. Prepare the baseline request

  1. Since the baseline request targets the Google Gruyere application, you should first create a sandboxed instance of the application and then obtain the unique identifier of that instance.

    To do that, navigate to this link. You will be given the identifier of the Google Gruyere instance, which you should copy. Read the terms of service and select the Agree & Start button.

    Google Gruyere start page

    The isolated Google Gruyere instance will start and will be accessible to you at the following address:

    https://google-gruyere.appspot.com/<your instance ID>/

  2. Construct the baseline request to your instance of the Google Gruyere application. This guide suggests that you use a legitimate request.

    The request is as follows:

    https://google-gruyere.appspot.com/<your instance ID>/snippets.gtl?password=paSSw0rd&uid=123
    

2. Create a test policy targeted at XSS vulnerabilities

  1. Log in to the My Wallarm portal using the account you created earlier.

  2. Select the “Test policies” tab and click the Create test policy button.

    Test policy creation

  3. In the “General” tab set a meaningful name and description for the policy. It is suggested in this guide that you use the name DEMO POLICY.

    Test policy wizard: the “General” tab.

  4. In the “Insertion points” tab set the baseline request parameters that are eligible for modification during the generation of security test set requests. The default GET_.* and POST_.* regular expressions (located in the “Where to include” section) are sufficient for the purposes of this guide. Including these regular expressions in the “Insertion points” section allows FAST to modify any parameter in the baseline requests.

    Test policy wizard: the “Insertion points” tab.

  5. In the “Attacks to test” tab select a single attack type to test the application for: XSS attacks.

    Test policy wizard: the “Attacks to test” tab.

  6. Make sure that the policy preview in the column on the very right looks as follows:

    X-Wallarm-Test-Policy:
    type=xss; 
    insertion=include:'POST_.*','GET_.*';
    
  7. Select the Save button to save the policy.

  8. Return to the test policy list by selecting the ← Edit test policy button.
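
The following added example (not Wallarm's code) shows how the policy preview above maps onto the baseline request from step 1: it parses the X-Wallarm-Test-Policy value and lists which request parameters the insertion regexes make eligible for modification. It assumes the three preview lines form one header value and that parameters are labelled METHOD_name (e.g. GET_uid) before matching; both are assumptions made for this example, and the sample policy and URL are constructed from the guide.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the policy preview from step 6, joined into one header value (assumption).
SAMPLE_POLICY = "type=xss; insertion=include:'POST_.*','GET_.*';"
# Constructed sample: the baseline request from step 1 with a placeholder instance ID.
SAMPLE_BASELINE = ("https://google-gruyere.appspot.com/INSTANCE_ID_PLACEHOLDER/"
                   "snippets.gtl?password=paSSw0rd&uid=123")


def parse_policy(header_value):
    """Parse 'key=value;' pairs of a policy header into a dict.

    'type' is kept as a string; 'insertion' becomes the list of include regexes.
    Only the include: form shown in the guide is handled; anything else is rejected.
    """
    policy = {"type": None, "insertion": []}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        key, value = key.strip(), value.strip()
        if key == "type":
            policy["type"] = value
        elif key == "insertion":
            if not value.startswith("include:"):
                raise ValueError("unsupported insertion spec: %r" % value)
            raw = value[len("include:"):].split(",")
            # Each regex is quoted in the preview; strip the quotes and drop empties.
            policy["insertion"] = [r.strip().strip("'\"") for r in raw if r.strip()]
        else:
            raise ValueError("unknown policy key: %r" % key)
    if policy["type"] is None:
        raise ValueError("policy has no attack type")
    return policy


def eligible_parameters(policy, url, method="GET", body=""):
    """Return the names of request parameters whose METHOD_name label
    fully matches at least one include regex (labelling is an assumption)."""
    patterns = [re.compile(p) for p in policy["insertion"]]
    labelled = [("GET_" + k, k)
                for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if method.upper() == "POST":
        labelled += [("POST_" + k, k) for k, _ in parse_qsl(body, keep_blank_values=True)]
    return [name for label, name in labelled if any(p.fullmatch(label) for p in patterns)]
```

A narrower policy such as `insertion=include:'GET_uid';` would leave only `uid` eligible, which is how a dedicated policy keeps authentication parameters out of the generated test set.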


You have now completed the goals of this chapter: an HTTPS baseline request to the Google Gruyere application and a test policy targeted at XSS vulnerabilities.
