Solution Overview

The lab has 3 stages:

  1. Deploy a WAF policy without a GraphQL content profile and review the ZAP report.
  2. Update the WAF policy with a GraphQL content profile that allows introspection, and review the impact of this change by examining the ZAP report and the learning suggestions.
  3. Make a change to the declarative policy, such as disabling introspection, and review the impact of this change by examining the ZAP report.

Lab Diagram