A comparison of Imperva's WAF and F5 in practice

While WAF is heavily involved in protecting websites from unwanted interference and obstacles, it is a widely used application security tool. This layer 7 application protection mechanism is preferred because it can prevent issues like attachments, SQL injections, array-to-site spoofing, and array-to-site scripting. Imperva and F5 are two well-known WAFs. But are they very effective? What is the best alternative? We have tested them extensively and the results are explained in the post. threats. It is offered as a SaaS and cloud tool with different configurations. Works in any ecosystem including AWS, GCP, Azure and on-premises. Imperva is working on Active & Legacy apps, third-party apps, APIs, microservices, containers, virtual machines, and cloud apps. F5 is a leading application security service provider with numerous tools and solutions. It offers a state-of-the-art WAF that can be used in any environment to protect APIs, data, and applications. It offers advanced browser encryption, API protocol security, and proactive bot protection. This WAF is available in software, public cloud, service and hardware. From this preview, the two look pretty much the same. However, both have different features that we tested with GoTestWAF. Check out our in-depth review. Imperva v/s F5 WAF: Find the best with GoTestWAF Powered by Wallarm's comprehensive security API platform, GoTestWAF is an advanced and feature-rich WAF testing tool that can be used to test WAF performance in real-time. We used this tool for the F5 and Imperva WAF tests, and here are our results: Overall Rating While both WAFs received an overall rating of F, their results differ. Example: F5 scored 43 out of 100. Results from a test page that implemented WAF via F5 in the screenshot below. ReportImperva's F5 screenshot scored 30.3 out of 100 points. We also tested Imperva's WAF on a website that implemented such protection. Imperva's Accuracy Report ScreenshotImperva claims to be over 90% accurate, but we were very disappointed as it didn't block false positive requests. During testing, 216 false positive requests from Imperva WAF were identified as ignored. F5 wasn't that good because it also allowed 216 false positive requests. When it comes to true positives, F5 is again disappointed with a 0% success rate. But Imperva was amazing with a 100% success rate. Screenshot of F5 report 2Application Security Imperva WAF scored a D+ on this front and successfully blocked nearly 60% of application security threats. Unfortunately, F5 underperformed significantly, blocking only 29% of AppSec threats and earning an F rating. Imperva API protection was not available at the time of testing. F5 could block 100% SQL injection queries, CTRL injection queries, 64KB SQL injection queries and many other queries. Imperva screenshot of Report 3 Imperva & Wallarm WAF F5 After analysis, we were able to determine that the WAF Imperva is excellent in its accuracy. Nevertheless, we could not understand the security of its API. In contrast, the F5 WAF offered everything to test, a sign that all of its features are working. Overall, both are only of average quality. For reliable application security, you need an advanced WAF such as Wallarm WAF. We used GoTestWAF to test the effectiveness of this tool on a site with Wallarm protection implemented. The results were surprising as Wallarm WAF's overall score was A-. Wallarm report screenshot Its API protection performance is excellent. The GoTestWAF tool has been amazing in helping us test all key aspects of WAF. Test it for each web application firewall you want to use and check the duration in real time.