w-o-f

"Web application firewalls (WAF)" , The today's requirement to secure the web applications without
changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate
any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Features

Passively evaluate any Web Application Firewall
Supports phase-3 (RESPONSE_HEADERS) and phase-4 (RESPONSE_BODY) operations for mod_security.
Actual IP Impersonation
Generates log in Apache and mod_security format

Project Samples

Step-1 ( Run through Command line using "java -jar" switch

Step-2 (Choose NIC, Website and WAF URL)

Step-4 (See the attack is performed over "demo.testfire.net" but you can see the blocking log on "WOF" console )

Simulated Request identical to Browser's request generated by "WOF"

Project Activity

See All Activity >

Follow w-o-f

w-o-f Web Site

Other Useful Business Software

Gen AI apps are built with MongoDB Atlas

The database for AI-powered applications.

MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.

Start Free

Rate This Project

User Reviews

Be the first to post a review of w-o-f!

Additional Project Details

Registered

2013-08-22

Similar Business Software

Imperva WAF

Web application attacks prevent important transactions and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes traffic to your applications to stop these attacks and ensure uninterrupted business operations. A noisy WAF forces you to choose between blocking legitimate traffic...

See Software
Alibaba Cloud WAF

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks. Alibaba...

See Software
AppWall

AppWall - Radware’s Web Application Firewall (WAF), ensures fast, reliable and secure delivery of mission-critical Web applications and APIs for corporate networks and in the cloud. AppWall is an NSS recommended, ICSA Labs certified and PCI compliant WAF that combines positive and negative...

See Software
Qualys WAF

Qualys Web Application Firewall (WAF) is a virtual appliance-based service that reduces the operational cost and complexity of application security. Leveraging a unified platform, it continuously detects attacks using inhouse inspection logics and rulesets, and virtually patches web application...

See Software
Huawei WAF

Web Application Firewall (WAF) keeps your web applications safe and secure. Powered by Huawei's deep machine learning technology, WAF intelligently identifies malicious traffic and prevents attacks, strengthening defense in depth for your network. You can configure a wide range of rules to...

See Software
MONITORAPP AIWAF

Web Application Firewall(WAF) AIWAF. Most security breaches happen on the web, to defend against web attacks, a dedicated web firewall system is required. AIWAF strongly defends various web attacks. Web security is no longer optional. It's essential. The web is vulnerable. Because the HTTP/HTTPS...

See Software