This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
In the Netsparker Standard 5.6 January 2020 Update, we introduced a new security check, the WAF Identifier Security Check. This new feature scans the application to determine whether there is a Web Application Firewall (WAF) enabled on the target website.
If a WAF is enabled on your target website, it will block the attacks that Netsparker conducts during scans and reduce the overall coverage of the scan.
The WAF Identifier security check is enabled by default. It works as follows: if Netsparker begins scanning and detects an enabled WAF, it displays a notification.
At that point, you can do one of two things. You can stop the scan, disable the WAF, and then start a new scan, or you can simply dismiss the warning.