Imperva Blog|Login|中文Deutsch日本語
WAF Testing Framework

Find Out If Your Application Security Controls Work

Web Application Firewall (WAF) Testing Framework
Your Web applications are at risk. Hackers, bots, and fraudsters constantly probe your Website, looking for vulnerabilities to exploit and data to steal. Application security solutions can help you protect your Website. But how can you be sure that these solutions stop attacks—and that your Website is safe?

Imperva has developed a free evaluation toolkit that enables you to test your application security solution—your Web application firewall or network firewall or intrusion prevention system—and find out if it can stop advanced application attacks. The Web Application Firewall (WAF) Testing Framework conducts over 150 tests, including SQL injection, cross site scripting, and remote file inclusion. It leverages the same evasion techniques used by hackers to bypass simple
signature-based solutions and it generates a report that reveals
overall security efficacy.

Measure False Positives


While you need to safeguard your applications, your ironclad defenses should not block legitimate users. You should evaluate whether your security solution can stop attacks without blocking valid traffic. The WAF Testing Framework determines the rate of false positives by inserting legitimate, but potentially suspicious, input into form fields and parameters. It produces clear, informative reports that summarize false positives and false negatives, allowing you to gauge the accuracy of your security solution.

Software Requirements

Operating Systems:
  • Windows XP/Vista/7/
    Server 2003/Server 2008,
    Redhat Linux
  • Sun Java JRE 1.6+
File Size:
  • 91.1 MB

The WAF Testing Framework allows you to:
  • Quickly evaluate the effectiveness of your application security solution
  • Recognize if your security controls might block legitimate users
  • Examine stateful attacks like cookie tampering and Cross Site Request Forgery (CSRF)
  • Produce clear, concise reports that illustrate overall security status
  • Extend the baseline set of security assessments to include custom tests

Application Security Test Environment


The WAF Testing Framework provides everything you need to test your application security controls. It includes a Java-based executable for Windows and WebGoat, an intentionally insecure Web application developed by OWASP. Download the WAF Testing Framework today to evaluate your Web application firewall today.
Download Now