This chapter will guide you through the process of configuring FAST to detect XSS vulnerabilities in the Google Gruyere application. Upon completion of all necessary steps, you will be ready to proxy an HTTPS baseline request through the FAST proxy in order to find XSS vulnerabilities.
To generate a security test set, Wallarm FAST requires the following:
- A deployed FAST proxy node, proxying baseline requests
- A connection of the FAST proxy node to the Wallarm cloud
- A baseline request
- A test policy
You have successfully deployed a FAST proxy node and connected it to the cloud in the previous chapter. In this chapter you will focus on creating a testing policy and a baseline request.
A test policy describes the rules for finding vulnerabilities in the baseline requests to the target application. In particular, the policy specifies which kinds of vulnerabilities FAST will try to exploit, and which parameters of HTTP or HTTPS requests may be modified and which may not. FAST uses this knowledge to modify the baseline request while attempting to exploit those vulnerabilities.
It is strongly recommended that you create a dedicated policy for each target application under test. Alternatively, you could use the default policy that the Wallarm cloud creates automatically. This document guides you through creating a dedicated policy; the default policy is beyond its scope.
To set the environment for testing, do the following:
Since the baseline request targets the Google Gruyere application, you should first create a sandboxed instance of the application and then obtain the unique identifier of that instance.
To do that, navigate to this link. You will be given the identifier of your Google Gruyere instance; copy it. Read the terms of service and select the Agree & Start button.
The isolated Google Gruyere instance will start and will be accessible to you at the following address:
https://google-gruyere.appspot.com/<your instance ID>/
Construct the baseline request to your instance of the Google Gruyere application. This guide suggests that you use a legitimate request, such as the following:
https://google-gruyere.appspot.com/<your instance ID>/snippets.gtl?password=paSSw0rd&uid=123
Select the “Test policies” tab and click the Create test policy button.
In the “General” tab set a meaningful name and description for the policy. This guide suggests that you use the name
In the “Insertion points” tab set the baseline request parameters that are eligible for modification while the security test set requests are generated. The default regular expressions (POST_.* and GET_.*, located in the “Where to include” section) are sufficient for the purposes of this guide. Including these regular expressions in the “Insertion points” section allows FAST to modify any parameter in the baseline request.
In the “Attacks to test” tab select one type of attack to test the application for: XSS attacks.
Make sure that the policy preview in the column on the very right looks as follows:
X-Wallarm-Test-Policy: type=xss; insertion=include:'POST_.*','GET_.*';
Select the Save button to save the policy.
Return to the test policy list by selecting the ← Edit test policy button.
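To make the policy preview above concrete, the following added example (not code from the guide or from Wallarm) parses the X-Wallarm-Test-Policy header and checks which parameters of the baseline request the insertion-point regexes allow to be modified. It assumes that the regexes are matched against parameter names of the form GET_<name> / POST_<name> as whole names, and that an exclude mode exists alongside include; both are assumptions, not documented behaviour.

```python
import re
from urllib.parse import urlparse, parse_qsl

# Constructed samples: the policy preview from this chapter and the baseline
# request with a placeholder instance ID.
POLICY_HEADER = "X-Wallarm-Test-Policy: type=xss; insertion=include:'POST_.*','GET_.*';"
BASELINE_URL = "https://google-gruyere.appspot.com/INSTANCE_ID/snippets.gtl?password=paSSw0rd&uid=123"


def parse_policy_header(header):
    """Split the header into attack types and include/exclude insertion patterns.
    The 'exclude' mode is an assumed counterpart of 'include', not taken from the guide."""
    name, _, value = header.partition(":")
    if name.strip() != "X-Wallarm-Test-Policy":
        raise ValueError("not a test policy header")
    policy = {"type": [], "include": [], "exclude": []}
    for field in filter(None, (f.strip() for f in value.split(";"))):
        key, _, val = field.partition("=")
        if key.strip() == "type":
            policy["type"] = [t.strip() for t in val.split(",")]
        elif key.strip() == "insertion":
            mode, _, patterns = val.partition(":")
            if mode.strip() not in ("include", "exclude"):
                raise ValueError(f"unknown insertion mode: {mode}")
            policy[mode.strip()] = re.findall(r"'([^']*)'", patterns)
        else:
            raise ValueError(f"unknown policy field: {key}")
    return policy


def baseline_parameters(url, method="GET", body=""):
    """Name each baseline parameter as GET_<name> or POST_<name>, the form the
    insertion-point regexes are assumed to match against."""
    params = [f"GET_{k}" for k, _ in parse_qsl(urlparse(url).query, keep_blank_values=True)]
    if method.upper() == "POST":
        params += [f"POST_{k}" for k, _ in parse_qsl(body, keep_blank_values=True)]
    return params


def eligible_insertion_points(policy, params):
    """Return the parameters the policy allows FAST to modify: matched by an
    include pattern and by no exclude pattern (whole-name match assumed)."""
    inc = [re.compile(p) for p in policy["include"]]
    exc = [re.compile(p) for p in policy["exclude"]]
    return [p for p in params
            if any(r.fullmatch(p) for r in inc) and not any(r.fullmatch(p) for r in exc)]


if __name__ == "__main__":
    policy = parse_policy_header(POLICY_HEADER)
    print(policy)
    print(eligible_insertion_points(policy, baseline_parameters(BASELINE_URL)))
```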
You should now have completed all of the chapter goals: an HTTPS baseline request to the Google Gruyere application and a test policy targeted at XSS vulnerabilities.