www.ChineseStandard.net Database: 189760 (18 Oct 2025)

GB/T 32917-2016 PDF English

US$620.00 · In stock · Download in 9 seconds
GB/T 32917-2016: Information security technology -- Security technique requirements and testing and evaluation approaches for WEB application firewall
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Obsolete
Standard ID: GB/T 32917-2016
Contents [version]: English
Price (USD): 620
PDF delivery: 0-9 seconds, auto-delivery
Name of Chinese Standard: Information security technology -- Security technique requirements and testing and evaluation approaches for WEB application firewall
Status: Obsolete

Similar standards

GB/T 32918.1, GB/T 32918.2, GB/T 32918.3, GB/T 32916

GB/T 32917-2016: Information security technology -- Security technique requirements and testing and evaluation approaches for WEB application firewall


---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT32917-2016
GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Security technique requirements and testing and evaluation approaches for WEB application firewall
Issued on: AUGUST 29, 2016
Implemented on: MARCH 01, 2017
Issued by: General Administration of Quality Supervision, Inspection and Quarantine; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Security technical requirements
4.1 Basic level
4.1.1 Security function requirements
4.1.2 Self-security protection
4.1.3 Security assurance requirements
4.2 Enhanced level
4.2.1 Security function requirements
4.2.2 Self-security protection
4.2.3 Security assurance requirements
4.3 Performance requirements
4.3.1 HTTP throughput
4.3.2 HTTP maximum request rate
4.3.3 Maximum number of concurrent HTTP connections
5 Test evaluation method
5.1 Test environment
5.2 Basic level
5.2.1 Evaluation method for security function requirements test
5.2.2 Self-security protection test evaluation method
5.2.3 Test evaluation methods for security assurance requirements
5.3 Enhanced level
5.3.1 Test evaluation method of security function requirements
5.3.2 Test evaluation method of self-security protection
5.3.3 Test evaluation method of security assurance requirements
5.4 Performance test evaluation method
5.4.1 HTTP throughput
5.4.2 HTTP maximum request rate
5.4.3 Maximum number of concurrent HTTP connections
6 Classification of security technical requirements of WEB application firewall
References

1 Scope

This standard specifies the security function requirements, self-security protection requirements, performance requirements and security assurance requirements of WEB application firewalls, and provides the corresponding test evaluation methods. This standard applies to the design, production, testing and procurement of WEB application firewalls.

2 Normative references

The following documents are essential to the application of this document. For dated references, only the version with the indicated date applies to this document; for undated references, only the latest version (including all amendments) applies to this standard.

GB/T 25069-2010 Information security technology - Glossary

3 Terms, definitions and abbreviations

3.1 Terms and definitions

The terms and definitions defined in GB/T 25069-2010, as well as the following, apply to this document.

3.1.1 WEB application firewall
An information security product that performs protocol and content filtering on all access requests to WEB servers and on WEB server responses, based on pre-defined filtering rules and security protection rules, thereby providing security protection for WEB servers and WEB applications.

3.1.2 WEB server
A program that provides services to clients (such as browsers) that make requests. When a web browser (client) connects to the server and requests resources, the server processes the request and sends the resources to the browser. The web server uses HTTP to communicate with the web browser. Commonly used web servers are Apache and Internet Information Server.

3.2 Abbreviations

The following abbreviations apply to this document.
CSRF: Cross-site Request Forgery
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol over Secure Socket Layer
SSL: Secure Socket Layer
SQL: Structured Query Language
URL: Uniform Resource Locator
WEB: World Wide Web
XSS: Cross Site Scripting

4 Security technical requirements

4.1 Basic level

4.1.1 Security function requirements

4.1.1.1 HTTP filtering function

4.1.1.3 Other functions

4.1.1.3.1 Custom error page function
It shall be possible to customize the error page returned by the WEB server.

4.1.2 Self-security protection

4.1.2.1 Identification and authentication

4.1.2.2 Security audit

4.1.2.2.1 Audit data generation
The following audit logs shall be generated.

4.1.2.2.2 Audit log management function
Management functions such as backup and query of audit data shall be provided.

4.1.2.2.3 Comprehensible format
All audit records can be understood.

4.1.2.2.4 Prevention of loss of audit data
Log information shall be stored in a permanent storage medium. When the storage space is exhausted, corresponding measures shall be taken to ensure that the audit data is not lost.

4.1.2.3 Statistics function
It shall have the following statistical functions.

4.1.2.4 Remote management encryption
When remote management is required, the remote management communication shall be encrypted and protected.

4.1.2.5 Condition monitoring
During startup and normal work, self-checks shall be performed periodically or in accordance with the requirements of authorized administrators, including hardware working status monitoring, software module status monitoring, etc.; when an abnormal working status is detected, the administrator shall be alerted.

4.1.2.6 Dual-system hot backup
It shall have a dual-system hot backup function. When the main WEB application firewall fails, the standby WEB application firewall shall discover this and take over from the main WEB application firewall in time.

4.1.3 Security assurance requirements

4.1.3.1 Development

4.1.3.1.1 Security architecture
The developer shall provide a description of the security architecture of the product's security functions; the security architecture description shall meet the following requirements.

4.1.3.1.2 Functional specification
The developer shall provide a complete functional specification; the functional specification shall meet the following requirements.

4.1.3.1.3 Product design
The developer shall provide product design documents; the product design documents shall meet the following requirements.

4.1.3.2 Guiding documents

4.2 Enhanced level

4.2.1 Security function requirements

4.2.1.1 HTTP filtering function

4.2.1.1.1 Allowed/forbidden HTTP request types
It shall be possible to set filter rules according to HTTP request type (including at least GET, POST, PUT, HEAD, OPTIONS, etc.) and to allow or prohibit access according to the filter rules.

4.2.3 Security assurance requirements

4.2.3.1 Development

5 Test evaluation method

5.1 Test environment
Figure 1 is a schematic diagram of the functional test environment of the WEB application firewall.

5.2 Basic level

5.2.1 Evaluation method for security function requirements test

5.2.1.1 HTTP filtering function

5.2.1.1.2 Length limits of each field in the HTTP protocol header
The test evaluation method and results for the length limit of each field of the HTTP protocol header are as follows.

5.2.1.1.4 Support for multiple HTTP request parameter encoding methods
The test evaluation methods and results for support of multiple HTTP request parameter encoding methods are as follows.

5.2.1.1.5 Identify and restrict HTTP response codes
The test evaluation methods and results for identifying and restricting HTTP response codes are as follows.

5.2.1.1.6 URL content keyword filtering
The test evaluation methods and results for URL content keyword filtering are as follows.
a) Test evaluation method. The management host configures filtering rules based on URL content keywords; an HTTP request containing the keywords is initiated from the test terminal, to detect whether the HTTP request is blocked according to the filtering rules.
b) Test evaluation results. Record the test results and judge whether the results fully meet the corresponding security technical requirements.

5.2.1.1.7 WEB server return content filtering
The test evaluation methods and results for filtering of content returned by the WEB server are as follows.

5.3 Enhanced level

5.3.1 Test evaluation method of security function requirements

5.3.1.1 HTTP filtering function

5.3.3.3.2 Configuration management scope
The test evaluation methods and results for the configuration management scope are as follows.

5.3.3.3.3 Delivery procedures
The test evaluation methods and results for the delivery process are as follows.

5.3.3.3.4 Development security
The test evaluation methods and results for development security are as follows.

5.3.3.3.5 Life cycle definition
The test evaluation methods and results for the life cycle definition are as follows.

5.3.3.3.6 Tools and technology
The test evaluation methods and results for tools and technologies are as follows.

5.3.3.4 Test

5.3.3.4.1 Coverage
The test evaluation methods and results for coverage are as follows.

5.3.3.4.2 Depth
The test evaluation methods and results for depth are as follows.
a) Test evaluation method. The evaluator shall check whether the developer provides the following test depth evidence, and check whether the information provided by the developer meets all the requirements for the content and form of the evidence.

5.3.3.4.3 Function test
The test evaluation methods and results for the functional test are as follows.

5.4 Performance test evaluation method

5.4.1 HTTP throughput
The test evaluation methods and results for HTTP throughput are as follows.

5.4.2 HTTP maximum request rate
The test evaluation method and results for HTTP maximum request rate are as follows.
......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
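The excerpt above names several filtering requirements (allowed/forbidden request types in 4.2.1.1.1, header field length limits in 5.2.1.1.2, multiple parameter encodings in 5.2.1.1.4, URL keyword filtering in 5.2.1.1.6) and the audit records of 4.1.2.2.1, and describes the 5.2.1.1.6 test as "configure a keyword rule, send a request containing the keyword, check that it is blocked". The following Python is an added illustration of what such a rule evaluator and test step look like in working code; it is not text or code from GB/T 32917-2016 or from any WAF product. The `Policy` rule format, the function names and the sample requests are assumptions constructed for this example.

```python
"""Minimal WAF rule evaluator illustrating the excerpted requirements:
request-type allow-list (4.2.1.1.1), header length limits (5.2.1.1.2),
decoding of percent-encoded parameters before matching (5.2.1.1.4),
URL keyword filtering (5.2.1.1.6) and audit record generation (4.1.2.2.1).
Added example; rule format, names and sample traffic are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import quote, unquote


@dataclass
class HttpRequest:
    method: str
    url: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Policy:
    # Assumed rule format for this example (not the standard's).
    allowed_methods: frozenset = frozenset({"GET", "POST", "HEAD"})
    url_keywords: Tuple[str, ...] = ()
    max_header_value_len: int = 4096


def parse_request(raw: bytes) -> HttpRequest:
    """Parse the request line and header block of a raw HTTP/1.x request."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, url, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method.upper(), url, version, headers)


def evaluate(policy: Policy, req: HttpRequest) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one request under the policy."""
    # 4.2.1.1.1: filter by request type against an allow-list.
    if req.method not in policy.allowed_methods:
        return "block", "method %s not in allow-list" % req.method
    # 5.2.1.1.2: enforce a per-field length limit on header values.
    for name, value in req.headers.items():
        if len(value) > policy.max_header_value_len:
            return "block", "header %s exceeds %d bytes" % (name, policy.max_header_value_len)
    # 5.2.1.1.4 / 5.2.1.1.6: decode percent-encoding first, then match keywords
    # case-insensitively so that encoded variants hit the same rule.
    decoded = unquote(req.url).lower()
    for kw in policy.url_keywords:
        if kw.lower() in decoded:
            return "block", "URL contains keyword %r" % kw
    return "allow", "no rule matched"


def audit_record(req: HttpRequest, decision: str, reason: str,
                 when: str = "2016-08-29T00:00:00Z") -> str:
    """4.1.2.2.1: one readable audit line per decision. The default timestamp
    is a constructed placeholder so output is deterministic."""
    return "%s %s %s %s host=%s reason=%s" % (
        when, decision.upper(), req.method, req.url,
        req.headers.get("host", "-"), reason)


def keyword_filter_test(keyword: str) -> bool:
    """5.2.1.1.6 procedure: configure a rule for the keyword, send a request
    whose URL carries it (percent-encoded, as a client would), and report
    whether the evaluator blocked it."""
    policy = Policy(url_keywords=(keyword,))
    probe = ("GET /search?q=%s HTTP/1.1\r\nHost: target.example\r\n\r\n"
             % quote(keyword)).encode()
    decision, _ = evaluate(policy, parse_request(probe))
    return decision == "block"


# Constructed sample traffic for the evaluator (not from the standard).
SAMPLE_REQUESTS: List[bytes] = [
    b"GET /index.html HTTP/1.1\r\nHost: target.example\r\n\r\n",
    b"TRACE / HTTP/1.1\r\nHost: target.example\r\n\r\n",
    b"GET /a HTTP/1.1\r\nHost: target.example\r\nCookie: " + b"a" * 5000 + b"\r\n\r\n",
    b"GET /p?x=%3Cscript%3E HTTP/1.1\r\nHost: target.example\r\n\r\n",
]
SAMPLE_POLICY = Policy(url_keywords=("<script",))


def run_samples() -> List[Tuple[str, str]]:
    """Evaluate the constructed samples and return the (decision, reason) pairs."""
    return [evaluate(SAMPLE_POLICY, parse_request(raw)) for raw in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for raw, (decision, reason) in zip(SAMPLE_REQUESTS, run_samples()):
        print(audit_record(parse_request(raw), decision, reason))
    print("keyword test blocked:", keyword_filter_test("../"))
```

Two design points matter for an evaluator against this standard's tests: rules are checked in a fixed order and the first match produces the decision and an audit reason, which is what makes 4.1.2.2.3 ("all audit records can be understood") checkable; and the URL is percent-decoded once before keyword matching, which is the simplest way to satisfy 5.2.1.1.4 and 5.2.1.1.6 together without matching on the encoded form.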


      

Tips & Frequently Asked Questions

Question 1: How long will the true-PDF of English version of GB/T 32917-2016 be delivered?

Answer: The full copy PDF of English version of GB/T 32917-2016 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GB/T 32917-2016_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 32917-2016_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. www.ChineseStandard.us -- GB/T 32917-2016 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

How to buy and download a true PDF of English version of GB/T 32917-2016?

A step-by-step guide to download the PDF of GB/T 32917-2016_English
Step 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 32917-2016".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.