Preparing For A Penetration Test
Adding penetration testers to your allow list in a WAF
Written by: Simon Whittaker on Jan 30, 2023
Security & penetration testing is a key element of the secure development lifecycle. Our brilliant team work hard to ensure that they cover as much as possible within the scope of the test.
In the modern world, we're frequently testing applications that are behind a Web Application Firewall (WAF). The purpose of the WAF is to prevent attacks from reaching the application itself through rules that you can specify and, in many cases, by learning from attacks on other systems.
Our role when performing testing is to identify any potential system vulnerabilities, assess them, and investigate how well the current security solutions are working. However, we also feel that our clients benefit more from us testing their application rather than testing the WAF that sits in front of it. After all, the companies that create the WAF have plenty of money to do this themselves!
It is also common for our team to work under constrained time limits defined by the scope of the project. For example, a real-life malicious actor could target the organisation for many months, or years. Our team has to replicate the same process in a significantly shorter timeframe. Therefore, we need to make sure that we test in the most efficient manner possible.
It is also important to be aware of what happens should the WAF fail or, through misconfiguration, expose the application to the outside world. If this happens, it would make sense to know how your application will respond. It is crucial to remember that a WAF might materially affect how a penetration test turns out and might conceal or block some vulnerabilities and attacks, giving the impression that everything is secure.
Our goal is to ensure that you have full confidence in your application and remove doubt that your software is vulnerable to potential exploits. Therefore, we want to make sure that we accurately represent the security posture of your systems and applications.
Help us to give you this confidence by adding our systems to your allow list.