Web Application Firewall (WAF) testing Framework



Dear Information Security Heroes, I planned to share some tools which really help you while implementing a WAF.

Sometimes, after completing the installation, the customer will ask, "I did not see any attacks, is your WAF working fine?"

So, to avoid this kind of question, use a tool from the list below that enables you to evaluate the security efficacy of your web application security solution. Unlike other application scanners, which only check for vulnerabilities, it generates both legitimate traffic and attack traffic to determine whether your security solution stops attacks without blocking valid requests.
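To make that efficacy measurement concrete, here is an added example (not code from any of the tools listed on this page) that scores a WAF test run from recorded results. The record layout, the test ids and the choice of 403/406 as "blocked" statuses are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample results: (test id, traffic class, HTTP status seen by the client).
# Ids and statuses are made up for illustration; no request payloads are involved.
SAMPLE_RESULTS = [
    ("legit-001", "legit", 200),
    ("legit-002", "legit", 200),
    ("legit-003", "legit", 403),    # valid request wrongly blocked
    ("legit-004", "legit", 302),
    ("attack-001", "attack", 403),
    ("attack-002", "attack", 403),
    ("attack-003", "attack", 200),  # attack that reached the application
    ("attack-004", "attack", 406),
]

# Assumption: the WAF under test signals a block with one of these status codes.
BLOCK_STATUSES = frozenset({403, 406})


def score(results, block_statuses=BLOCK_STATUSES):
    """Summarise a test run: attacks stopped versus valid requests blocked."""
    counts = Counter()
    missed, blocked_legit = [], []
    for test_id, traffic_class, status in results:
        blocked = status in block_statuses
        if traffic_class == "attack":
            counts["tp" if blocked else "fn"] += 1
            if not blocked:
                missed.append(test_id)
        elif traffic_class == "legit":
            counts["fp" if blocked else "tn"] += 1
            if blocked:
                blocked_legit.append(test_id)
        else:
            raise ValueError(f"unknown traffic class: {traffic_class!r}")
    attacks = counts["tp"] + counts["fn"]
    legit = counts["fp"] + counts["tn"]
    if attacks == 0 or legit == 0:
        # Scoring only one class hides a WAF that blocks everything or nothing.
        raise ValueError("results must contain both legitimate and attack traffic")
    block_rate = counts["tp"] / attacks
    fp_rate = counts["fp"] / legit
    return {
        "attack_block_rate": block_rate,
        "false_positive_rate": fp_rate,
        "balanced_accuracy": (block_rate + (1 - fp_rate)) / 2,
        "missed_attacks": missed,
        "blocked_legit": blocked_legit,
    }


if __name__ == "__main__":
    print(score(SAMPLE_RESULTS))
```

A WAF that blocks nothing and a WAF that blocks everything both score a balanced accuracy of 0.5 here, which is why both traffic classes are needed to answer the customer's question.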


Only the top tools are listed here.

LightBulb Framework





The framework consists of two main algorithms:

GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output.

SFADiff: A black-box differential testing algorithm based on Symbolic Finite Automata (SFA) learning. Finding differences between programs with similar functionality is an important security problem, as such differences can be used for fingerprinting or creating evasion attacks against security software like Web Application Firewalls (WAFs), which are designed to detect malicious inputs to web applications.




Imperva's WAF test Framework 

This comes from one of the reputed OEMs, which is the leader in Gartner's WAF report.

The WAF Testing Framework is licensed under the terms of the Affero General Public License version 3.

Link: https://www.imperva.com/lg/lgw_trial.asp?pid=483


Microsoft's WAF Bench (WB) Tool Suites



The WAF (Web Application Firewall) Bench tool suites are designed to verify the correctness and measure the performance of a WAF.

Automatic WAF correctness testing can relieve developers of heavy and tedious verification work. There are two important factors in conducting WAF correctness testing: the testing framework and the test cases.

It's a heavy tool and needs more dependencies compared with the above-mentioned tools.



