pbom-dev / OSCAR

A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain

Possibly wrong type category assigned to D1171 "Implement Web Application Firewall"

ventos opened this issue

I noticed that for the detection D1171 the type is set to Mitigation instead of Detection.

I guess this could be reasoned by a copy&paste error, from the corresponding M1883.

```yaml
id: M1883
type: Mitigation
summary: Implement Web Application Firewall
description: |
  A web application firewall (WAF) is a security control that is designed to protect web applications from various types of cyber threats, such as web-based attacks, including Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), and other application-layer attacks.
  A WAF acts as a filter between a web application and the incoming requests from clients, such as web browsers or mobile apps.
  It examines the incoming requests and responses to and from the web application, and applies a set of predefined security rules to identify and block malicious requests or traffic.
```

Since I'm currently reading up on this subject, I'm not sure if there's some system behind that which I didn't grasp yet. But it looked like an error to me.

I tend to agree @ventos - it's more a mitigation than a detection item. However, we could argue that it can also be used for detection - as many organizations usually leave it in "alert only" mode.
wdyt?