WAF Comparison Project
The WAF Comparison Project is a GitHub repository that contains testing datasets and tools to test WAF efficacy in the two most important categories:
Security Coverage (True Positive Rate) – measures the WAF's ability to correctly identify and block malicious requests, which is crucial in today's threat landscape. The WAF must preemptively block zero-day attacks as well as effectively tackle known attack techniques utilized by hackers.
Precision (False Positive Rate) – measures the WAF's ability to correctly allow legitimate requests. Any hindrance to these valid requests could lead to significant business disruption and an increased workload for administrators.
This project aims to measure the efficacy of WAFs using a very comprehensive data set:
1,040,242 legitimate HTTP requests from 692 real websites in 14 categories
73,924 malicious payloads from a broad spectrum of commonly experienced attack vectors
The project GitHub can be found here.
It is also explained at length in this blog.