# WAF Comparison Project

The WAF Comparison Project is a GitHub repository that contains testing datasets and tools to test WAF efficacy in the two most important categories:

* Security Coverage (True Positive Rate) - measures the WAF's ability to correctly identify and block malicious requests is crucial in today's threat landscape. It must preemptively block zero-day attacks as well as effectively tackle known attack techniques utilized by hackers
* Precision (False Positive Rate) – measures the WAF's ability to correctly allow legitimate requests. Any hindrance to these valid requests could lead to significant business disruption and an increased workload for administrators.

This project aims to measure the efficacy of WAFs using a very comprehensive data set&#x20;

* **1,040,242** legitimate HTTP requests from **692** real websites in **14** categories
* **73,924** malicious payloads from a broad spectrum of commonly experienced attack vectors

The project GitHub can be found [here](https://github.com/openappsec/waf-comparison-project).

It is also explained at length in this [blog](https://www.openappsec.io/post/best-waf-solutions-in-2026-real-world-comparison).

###

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openappsec.io/references/waf-comparison-project.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.