Overview
Detection Rules are the core of how vulnerabilities are identified. They simulate attacker behavior by modifying requests and analyzing responses to detect security flaws.Rule Categories
- CRLF
- Authentication & Authorization
- Command Injection
- CORS
- Database Injection
- Error Handling & Logs
- File Inclusion
- Open Redirect
- Security Headers
- Sensitive Data Exposure
- SSRF
- XSS
- XXE
Creating a Rule
YAML-Based Rule Engine
Core Sections
- Transform
- Modify headers, query params, or body
- Match Conditions
- Status codes
- Response content
- Report
- Title
- Description
- Severity
- CWE
- CVSS
- Impact
- Mitigation
- Reproduction Steps
Rule Execution Logic
Rules work by:- Modifying the original request
- Sending the transformed request
- Analyzing the response
- Flagging unexpected behavior as vulnerabilities
Rule Management
- Enable / Disable toggle
- Severity classification
- Detection description
- Number of findings
Editing Rules
- Improve detection accuracy
- Reduce false positives
- Adjust logic for application-specific behavior
Deep Rule Customization
- Request transformations
- Matching conditions
- Reporting output
- Business logic flaws
- Authorization bypass
- Misconfigurations
- Edge-case vulnerabilities
Why It Matters
Detection Rules turn your scanner into a customizable security engine.Key Benefits
- Adapt scanning to your application logic
- Detect beyond standard vulnerability signatures
- Reduce noise with precise matching
- Align findings with real-world attack patterns
- Enable security teams to build reusable detection logic
Explore Live Demo
Explore WAS Live — No Signup Needed
Create, test, and deploy custom detection logic tailored to your applications.