Rule Info

To display information about a found rule, click on it. The information about the rule includes:

  • Vulnerability Description — general vulnerability information.
  • Example — examples of vulnerabilities in code.
  • Recommendations — recommendations for protecting the system.
  • Links — links to information resources related to the vulnerability.
  • Classifications — references to the corresponding CWE, CWE / SANS Top 25, OWASP Top 10 or OWASP Mobile Top 10, OWASP ASVS, OWASP MASVS, PCI DSS, and HIPAA items (provided with respective identifiers).
  • Rule Sets — to add a rule to a set or exclude it from one.
  • Patterns — to add new patterns and edit existing user patterns.
  • WAF Configuration Guide (for system rules only).

Patterns define the conditions under which a code fragment is marked as vulnerable. To store patterns, we have developed a proprietary universal XML format. To add a pattern, click Create pattern on the Patterns tab, enter the name, severity level, confidence level, and XML pattern, then click Save (fig. 9.3). You can also create public patterns.

Figure 9.3: Create pattern