oss-sec mailing list archives

Re: Open Source WAF testing tools


From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 16 May 2021 14:26:14 -0500

Use Burp and test by hand?

On May 16, 2021, at 2:01 PM, Martin O'Neil <martinoneil.cyber () gmail com> wrote:

Hi, list,

Does anybody know an open-source tool for testing Web Application Firewalls?

In an ideal case, with an out-of-the-box-ready CLI/UI, PDF reports, and a
configurable set of payloads to test. I need it to check if my WAF
deployment and rules work well.

I found at least 5 projects, all made by WAF vendors.

1. https://github.com/wallarm/gotestwaf by Wallarm
2. https://github.com/signalsciences/waf-testing-framework by Signal Sciences
3. https://github.com/fastly/ftw by Fastly
4. https://microsoft.github.io/WAFBench/ by Microsoft Azure WAF team
5. https://github.com/f5devcentral/f5-waf-tester by F5

The GoTestWAF project looks more active and supported by the community.
Does anybody recommend some other GitHub repositories, preferably made by
3rd party folks?

Thanks
Martin.
