Which of the following web application threats is not typically mitigated by installing a WAF? (Select the best
answer.)
A. exploits related to uncloaked error messages
B. exploits against known vulnerabilities
C. exploits related to directory traversal vulnerabilities
D. exploits against unknown vulnerabilities
E. exploits related to viruses in file uploads
Explanation:
Of the available choices, exploits related to unknown vulnerabilities are not typically mitigated by installing a
web application firewall (WAF). A WAF sits between a web application and the end user in order to protect the
application from malicious activity and known vulnerabilities. Therefore, by installing a WAF, it is possible to
protect a vulnerable web application without modifying the application code.
WAFs are not typically capable of protecting a web application against unknown vulnerabilities. WAFs can
protect against known or common unpatched web application vulnerabilities by using techniques such as
cloaking to protect against information leakage related to uncloaked error messages, encrypting Uniform
Resource Locators (URLs) to protect against exploits related to directory traversal, and checking file uploads
for viruses.
OWASP: Category:OWASP Best Practices: Use of Web Application Firewalls