ee
Aug 22, 2024Nimbostratus
F5 WAF Tester
Hi, anyone has experience on using F5 WAF Tester for testing the WAF policy to see whether it is working fine or not? Source: https://clouddocs.f5.com/training/community/waf/html/waf2023/module3/la...
Can't you make a test server with a test app like juice shop or Damn Vulnerable Web Application (DVWA) and attach the same WAF policy under it ?
Also if you allow internet access to the app you can use the F5 XC Heystack to do a test with a full report after the scan:
Introducing F5 Distributed Cloud Web App Scanning (youtube.com)