WAFEP is designed to assess the attack vector support of web application firewalls and application IDS/IPS modules.

It operates through an "attacker website" with links, forms, browser controls and other request initiators which send a collection of malicious payloads through the WAF to a target application, which in turn, checks which payloads were blocked and which passed successfully.

The WAFEP application serves as both the "attacker" website and the "target" website, and thus, should ideally be used in twin instances - one BEHIND the WAF (the defender/target website), and another before the WAF (the attacker website).

The payloads can be executed manually through the WAFEP attacker website instance by activating one test case at a time, or automatically, by using a crawling mechanism such as the one implemented in ZAP, Burpsuite, etc.

*Note*
The target website should be configured in the attacker website FIRST, by accessing: /wafep/config/change-target.jsp

Project Samples

WAFEP CSRF Detection Test Cases

Project Activity

See All Activity >

Categories

Web Application Firewalls (WAF)

Follow wafep

wafep Web Site

Other Useful Business Software
Our Free Plans just got better! | Auth0 Icon
Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of wafep!

Additional Project Details

Registered

2014-09-08
Report inappropriate content