oss-sec mailing list archives

Open Source WAF testing tools

From: "Martin O'Neil" <martinoneil.cyber () gmail com>
Date: Sun, 16 May 2021 12:01:23 -0700

Hi, list,

Does anybody know an open-source tool for testing Web Application Firewalls?

In an ideal case, with an out-of-the-box-ready CLI/UI, PDF reports, and a
configurable set of payloads to test. I need it to check if my WAF
deployment and rules work well.

I found at least 5 projects, all made by WAF vendors.

1. https://github.com/wallarm/gotestwaf byWallarm
2. https://github.com/signalsciences/waf-testing-framework by Signal
Sciences
3. https://github.com/fastly/ftw by Fastly
4. https://microsoft.github.io/WAFBench/ by Microsoft Azure WAF team
5. https://github.com/f5devcentral/f5-waf-tester by F5

The GoTestWAF project looks more active and supported by the community.
Does anybody recommend some other GitHub repositories, preferably made by
3rd party folks?

Thanks
Martin.

Current thread:

Open Source WAF testing tools Martin O'Neil (May 16)
- Re: Open Source WAF testing tools Brandon Perry (May 16)
- Re: Open Source WAF testing tools Ivan Novikov (May 16)