w-o-f

"Web application firewalls (WAF)" , The today's requirement to secure the web applications without
changing the existing infrastructure.But at the same time, it is a big risk in case of WAF behavior and false positives (legitimate traffic blocking). This talk will demonstrates a new concept to evaluate
any WAF without taking risk of putting any WAFs into inline mode.Everything will be in learning or in passive mode.This project describes concept of one special engine,which can be used to evaluate any WAFs with zero risk to the end user (website owner),no matter whether its vendor supports Passive mode or not(i.e. modsecurity or naxsi).

Features

Passively evaluate any Web Application Firewall
Supports phase-3 (RESPONSE_HEADERS) and phase-4 (RESPONSE_BODY) operations for mod_security.
Actual IP Impersonation
Generates log in Apache and mod_security format

Project Samples

Step-1 ( Run through Command line using "java -jar" switch

Step-2 (Choose NIC, Website and WAF URL)

Step-4 (See the attack is performed over "demo.testfire.net" but you can see the blocking log on "WOF" console )

Simulated Request identical to Browser's request generated by "WOF"

Project Activity

See All Activity >

Follow w-o-f

w-o-f Web Site

Other Useful Business Software

Ship Agents Faster

Transform your applications and workflows into powerful agentic systems at global scale.

Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.

Get Started Free

Rate This Project

User Reviews

Be the first to post a review of w-o-f!

Additional Project Details

Registered

2013-08-22

Similar Business Software

Imperva WAF

Web application attacks prevent important transactions and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes traffic to your applications to stop these attacks and ensure uninterrupted business operations. A noisy WAF forces you to choose between blocking legitimate traffic...

See Software
Alibaba Cloud WAF

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks. Alibaba...

See Software
SKUDONET

SKUDONET Enterprise Edition is an Application Delivery and Security Platform built on Linux Debian 12.5 LTS for critical enterprise environments. Formerly known as Zevenet, it provides advanced L4/L7 load balancing, integrated WAF, TLS management with Let’s Encrypt and wildcard support, and...

See Software
F5 BIG-IP Advanced WAF

Advanced Web Application Firewall (WAF) protect your apps with behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data. Use the ROI Estimator from F5 and Forrester to find out how Advanced WAF can improve your security posture and save you money. The F5 F5...

See Software
Huawei WAF

Web Application Firewall (WAF) keeps your web applications safe and secure. Powered by Huawei's deep machine learning technology, WAF intelligently identifies malicious traffic and prevents attacks, strengthening defense in depth for your network. You can configure a wide range of rules to...

See Software
Qualys WAF

Qualys Web Application Firewall (WAF) is a virtual appliance-based service that reduces the operational cost and complexity of application security. Leveraging a unified platform, it continuously detects attacks using inhouse inspection logics and rulesets, and virtually patches web application...

See Software