Awesome-Mirrors/Awesome-WAF
1
0
Fork 0
mirror of https://github.com/0xInfection/Awesome-WAF.git synced 2024-12-25 23:49:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

README.md updated from https://stackedit.io/

Browse Source
This commit is contained in:
Infected Drake 2019-02-09 11:39:20 +05:30
parent 68eb5b975d
commit f786c54211
1 changed files with 6 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
README.md
View File

@ -19,101 +19,11 @@ Feel free to [contribute](CONTRIBUTING.md).
- [Awesome Presentations & Papers](#presentations--research-papers) - [Awesome Presentations & Papers](#presentations--research-papers)
## Awesome WAFs List ## Awesome WAFs List
<table> Here are all commonly known WAFs:
<tr> |<a href="https://f5.com/products/big-ip/appl| |
<td> |--|--|
<a href="http://360.cn">360 WangZhanBao</a> | | |
</td>
<td>
<a href="https://www.airlock.com/products/airlock-waf/">Airlock</a>
</td>
</tr>
<tr>
<td>
<a href="http://www.anquanbao.com">Anquanbao</a>
</td>
<td>
<a href="https://www.armor.com/armor-web-application-firewall-service">Armor</a>
</td>
</tr>
<tr>
<td>
<a href="https://f5.com/products/big-ip/application-security-manager-asm">Application Security Manager</a>
</td>
<td>
A cloud based WAF solution for enterprises featuring big data analysis, clustering solutions, content optimisations, and access accelerations.
</td>
</tr>
<tr>
<td>
</td>
<td>
A virtual WAF solution by Armor technologies which protects web-applications from OWASP top 10 attacks and features accurate response and remediation via applied intelligence from their threat centre.
</td>
</tr>
<tr>
<td>
</td>
<td>
A comprehensive web application firewall from F5 Networks that protects apps and data from known and unknown threats, defends against bots that bypass standard protections, and virtually patches app vulnerabilities.
</td>
</tr>
<tr>
<td>
<a href="https://aws.amazon.com/waf/">Amazon AWS WAF</a>
</td>
<td>
A WAF solution from Amazon AWS that features full time web-traffic filtering, virtual patching, traffic visibility, attack transparency integrated with customisable rules.
</td>
</tr>
<tr>
<td>
<a href="https://cloud.baidu.com">Baidu Cloud WAF</a>
</td>
<td>
A cloud based protection system from Baidu to effectively defend against web application attacks. It features cloud based real-time protections, load balancing, DDoS protection and its own content-delivery network.
</td>
</tr>
<tr>
<td>
<a href="https://www.barracuda.com/products/webapplicationfirewall">Barracuda</a>
</td>
<td>
A WAF solution from Barracuda Networks featuring web aplication, API, and mobile apps against various attacks. Beside it provides DDoS protections, automated attack and bot protections, access controls and authentication protections.
</td>
</tr>
<tr>
<td>
<a href="http://binarysec.org">BinarySEC</a>
</td>
<td>A solution from BinarySec which provides all round security protections from many kinds of threats. BinarySec WAF allows active whitelisting while peotecting your site from major known threats and malware.
</td>
</tr>
<tr>
<td>
<a href="https://www.blockdos.net">BlockDoS</a>
</td>
<td>A WAF solution which features high performance in-built content delivery systems, custom SSL, DNS protection, dynamic caching and stable DDoS protection.
</td>
</tr>
<tr>
<td>
<a href="https://en.chinacache.com/managed-web-application-firewall/">ChinaCache</a>
</td>
<td>A featured firewall for China which features its own content-delivery network, virtual patching and constant threat discovery transparency report.
</td>
</tr>
<tr>
<td>
<a href="">Kona Site Defender</a>
</td>
<td>
A cloud based WAF solution from Akamai technologies that feaures a proprietary WAF rule set, created and automatically updated based on visibility into the latest attacks with protections. It provides API security integrated with DevOps security, report visibility, etc.
</td>
</tr>
</table>
## Testing Methodology ## Testing Methodology
Alright, now lets see the approach of testing WAFs. Wait, before that we need to know how they work right? Here you go. Alright, now lets see the approach of testing WAFs. Wait, before that we need to know how they work right? Here you go.
@ -1635,5 +1545,5 @@ whatwaf -u <target> --ra --throttle 2
- [WAF Bypasses and PHP Exploits](presentations/WAF%20Bypasses%20and%20PHP%20Exploits%20(Slides).pdf) - A presentation about evading WAFs and developing related PHP exploits. - [WAF Bypasses and PHP Exploits](presentations/WAF%20Bypasses%20and%20PHP%20Exploits%20(Slides).pdf) - A presentation about evading WAFs and developing related PHP exploits.
- [Playing Around with WAFs](presentations/Playing%20Around%20with%20WAFs.pdf) - A small presentation about WAF profiling and playing around with them from [Defcon 16](http://www.defcon.org/html/defcon-16/dc-16-post.html). - [Playing Around with WAFs](presentations/Playing%20Around%20with%20WAFs.pdf) - A small presentation about WAF profiling and playing around with them from [Defcon 16](http://www.defcon.org/html/defcon-16/dc-16-post.html).
<!--stackedit_data: <!--stackedit_data:
eyJoaXN0b3J5IjpbLTExNTAxMTExNzldfQ== eyJoaXN0b3J5IjpbMTgwNDI2NTY1OF19
--> -->