oss-sec mailing list archives
Re: Open Source WAF testing tools
From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 16 May 2021 14:26:14 -0500
Use Burp and test by hand?
On May 16, 2021, at 2:01 PM, Martin O'Neil <martinoneil.cyber () gmail com> wrote: Hi, list, Does anybody know an open-source tool for testing Web Application Firewalls? In an ideal case, with an out-of-the-box-ready CLI/UI, PDF reports, and a configurable set of payloads to test. I need it to check if my WAF deployment and rules work well. I found at least 5 projects, all made by WAF vendors. 1. https://github.com/wallarm/gotestwaf byWallarm 2. https://github.com/signalsciences/waf-testing-framework by Signal Sciences 3. https://github.com/fastly/ftw by Fastly 4. https://microsoft.github.io/WAFBench/ by Microsoft Azure WAF team 5. https://github.com/f5devcentral/f5-waf-tester by F5 The GoTestWAF project looks more active and supported by the community. Does anybody recommend some other GitHub repositories, preferably made by 3rd party folks? Thanks Martin.
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- Open Source WAF testing tools Martin O'Neil (May 16)
- Re: Open Source WAF testing tools Brandon Perry (May 16)
- Re: Open Source WAF testing tools Ivan Novikov (May 16)