Introduction

A dedicated Web Application Vulnerability Testing Environment lets security teams make fuller use of MaxiSafe’s Web Application & API Protection (WAAP) capabilities. Because the environment is isolated, teams can simulate attack scenarios such as SQL injection, cross-site scripting (XSS), and authentication bypass without affecting production systems. This setup facilitates:

  • Validation of MaxiSafe’s detection, mitigation, and analytics accuracy.
  • Fine-tuning of WAF rules, rate limiting, and threat signatures.
  • Verification of policy coverage for both known and custom application behaviours.

Recommended Testing Environments

  1. DVWA (Damn Vulnerable Web Application)

    • PHP/MySQL application with multiple vulnerability levels.
    • Focus: XSS, SQLi, CSRF, file inclusion.
    • Suitable for testing WAAP/WAF response to common attacks.
    • Repository
  2. bWAPP (buggy web application)

    • Over 100 vulnerabilities, including the OWASP Top 10.
    • Suitable for comprehensive security policy testing.
    • Download
  3. OWASP Juice Shop

    • Single-page app (Node.js/Angular) with both visible and hidden vulnerabilities.
    • Suitable for testing WAAP analytics and modern security features.
    • Documentation
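As an added example (not part of this page, and not MaxiSafe’s or the projects’ own material), the Docker Compose file below stands up all three recommended applications on a dedicated bridge network with every port bound to the loopback interface only, so the lab is reachable from the test host (and from a WAAP instance placed in front of it) but is never exposed on a routable address. The image names are assumptions drawn from the community and upstream images these projects publish; check them against each project’s own documentation before use, and place the MaxiSafe WAAP deployment in front of the published ports as your deployment guide describes.

```yaml
# Added example, not code from the original page or from MaxiSafe / the projects.
# Starts DVWA, bWAPP and OWASP Juice Shop on one isolated lab network.
# Image names below are assumptions: verify each against the project's docs.
services:
  dvwa:
    image: vulnerables/web-dvwa      # assumption: community-published DVWA image
    networks: [waap-lab]
    ports:
      - "127.0.0.1:8081:80"          # loopback only, never 0.0.0.0
    restart: unless-stopped

  bwapp:
    image: raesene/bwapp             # assumption: community-published bWAPP image
    networks: [waap-lab]
    ports:
      - "127.0.0.1:8082:80"          # loopback only
    restart: unless-stopped

  juice-shop:
    image: bkimminich/juice-shop     # assumption: upstream Juice Shop image
    networks: [waap-lab]
    ports:
      - "127.0.0.1:8083:3000"        # Juice Shop listens on 3000 inside the container
    restart: unless-stopped

networks:
  waap-lab:
    driver: bridge                   # dedicated network: the lab apps never join a
                                     # network shared with production workloads
```

Bring the lab up with `docker compose up -d` from the directory holding this file; the three targets then answer on 127.0.0.1 ports 8081, 8082 and 8083. Because none of the ports is published on an external interface, the only way traffic reaches these deliberately vulnerable applications from another machine is through the WAAP proxy you configure in front of them, which is exactly the path whose detection, mitigation and analytics the page describes validating.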