w-o-f

"Web application firewalls (WAF)" , The today's requirement to secure the web applications without
changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate
any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Features

Passively evaluate any Web Application Firewall
Supports phase-3 (RESPONSE_HEADERS) and phase-4 (RESPONSE_BODY) operations for mod_security.
Actual IP Impersonation
Generates log in Apache and mod_security format

Project Samples

Step-1 ( Run through Command line using "java -jar" switch

Step-2 (Choose NIC, Website and WAF URL)

Step-4 (See the attack is performed over "demo.testfire.net" but you can see the blocking log on "WOF" console )

Simulated Request identical to Browser's request generated by "WOF"

Project Activity

See All Activity >

Follow w-o-f

w-o-f Web Site

Other Useful Business Software

Level Up Your Cyber Defense with External Threat Management

See every risk before it hits. From exposed data to dark web chatter. All in one unified view.

Move beyond alerts. Gain full visibility, context, and control over your external attack surface to stay ahead of every threat.

Try for Free

Rate This Project

User Reviews

Be the first to post a review of w-o-f!

Additional Project Details

Registered

2013-08-22

Similar Business Software

A10 Defend Threat Control

A10 Defend Threat Control, a SaaS component of the A10 Defend suite, offers a real-time DDoS attack map and proactive, detailed list of DDoS weapons. Unlike other tools available today that provide convenience at the cost of false positives and false negatives, A10 Defend Threat Control...

See Software
Imperva WAF

Web application attacks prevent important transactions and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes traffic to your applications to stop these attacks and ensure uninterrupted business operations. A noisy WAF forces you to choose between blocking legitimate traffic...

See Software
Alibaba Cloud WAF

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks. Alibaba...

See Software
SKUDONET

SKUDONET Enterprise Edition is an Application Delivery and Security Platform built on Linux Debian 12.5 LTS for critical enterprise environments. Formerly known as Zevenet, it provides advanced L4/L7 load balancing, integrated WAF, TLS management with Let’s Encrypt and wildcard support, and...

See Software
F5 BIG-IP Advanced WAF

Advanced Web Application Firewall (WAF) protect your apps with behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Use the ROI Estimator from F5 and Forrester to find out how Advanced WAF can improve your security posture and save you money. The F5 F5...

See Software
Huawei WAF

Web Application Firewall (WAF) keeps your web applications safe and secure. Powered by Huawei's deep machine learning technology, WAF intelligently identifies malicious traffic and prevents attacks, strengthening defense in depth for your network. You can configure a wide range of rules to...

See Software