Hi all. We developed our application using the desktop version of Microsoft Excel, connecting through an Apache Tomcat web server to a SQL Server database. The connection is made using Microsoft’s WinHTTP, while Tomcat manages the java script files. In one of our operations, uploading a document, the WAF gives a challenge due to the OWASP score (109).
We scan our source through Veracode, so we know our application is a security bot’s worst nightmare, because we look like we’re very malicious, but that’s just how we work. I guess I would like to find out two things first.
- How can I find out what WAF rules to change, based on the rules it broke as listed in the firewall log?
- Are there any other methods to work with when your app isn’t traditional, and the challenge won’t appear on the end user’s machine (as it’s not a browser)?