


Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
Aikido Security caught a critical remote code execution vulnerability in my Python machine learning pipelines before it reached production.
Since we got rid of that, our productivity has increased, I believe, by thirty-two percent.
We were expecting to complete the compliance in a month, but I figured out Aikido Security could do it within a week for all our 13 repositories.
With AWS WAF, it is easier for us to block unwanted malicious DDoS attacks and threats from coming into our web application.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
Aikido Security was the easiest to use, the easiest to onboard, and the one with the most active customer support.
Their team proactively reached out after signup to ensure we were set up correctly.
Customer support is good; if you raise a query, hardly within a day, your issues get resolved.
Resolving issues can take time because the support personnel may lack product expertise, leading to delays.
They reach out when you send them a ticket, and within 24 hours or less, someone is able to get back to you to solve your problem.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
That kind of reliability becomes invisible when it works well, which is exactly what you want from a security tool running in your CI/CD pipelines.
Aikido Security scales well by supporting multiple projects, repositories, and development teams on a single platform.
You can deploy it on your team, and if you have a large team, it works very well.
AWS WAF does scale in the sense that it is fully managed and has automatic scaling.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
The platform has been reliable and provides accurate security findings.
Since it protects web applications from common attacks such as SQL injection and XSS, it is very stable.
In terms of reliability, I would rate AWS WAF about six out of ten due to the need for improved signature sets.
We faced issues with AWS WAF when writing the custom rules.
The product can improve by having more multitenancy capability, which is currently not available.
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network.
I would love to see a Terraform module for Aikido Security.
I had a certain object with a UUID that was being considered as a private secret key or API key, which was not the case.
Aikido Security tells you what is vulnerable, but sometimes the fix suggestions are generic.
Compared to firewalls, WAFs generally provide limited stateful analysis capabilities.
The way we see it now is just mentioned as a percentage from bots and actual users, which should include proper graphs and detailed information.
The level of granularity is not great, and as you cross a certain threshold, the cost goes up by twenty or thirty percent every time.
I used the free trial, which was sufficient for evaluating the platform and its core features.
Due to our status as an AWS shop, AWS WAF is cost-effective for us, and we benefit from discounts due to our extensive use of AWS services.
The licensing cost for AWS WAF is just pay-as-you-go; it is a service-based model.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
Cloudflare Web Application Firewall's advanced reporting and analytics tools add a layer that we're able to visualize and see before it actually hits the local firewall.
We were able to get all codebase vulnerability fixes within a week for all our 13 or 14 repositories that we had.
Security shifted left, meaning issues were caught during development rather than after deployment.
My favorite feature is the dependency vulnerability scanning because it quickly identifies the risk in third-party packages, which saves me time in finding vulnerabilities.
The biggest benefit of AWS WAF for us is to filter malicious requests, so we can protect our environment and application from malicious actors.
It has also helped to improve the posture of our application, prevent all DDoS attacks, and unnecessary traffic and SQL injection that is reducing the performance of our application.
The specific outcomes showing how AWS WAF has helped our organization include improving our security posture by reducing the attack surface and reducing malicious attacks.
| Product | Mindshare (%) |
|---|---|
| AWS WAF | 4.3% |
| Cloudflare Web Application Firewall | 4.0% |
| Aikido Security | 0.3% |
| Other | 91.4% |


| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 6 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 6 |
| Midsize Enterprise | 2 |
| Large Enterprise | 2 |
| Company Size | Count |
|---|---|
| Small Business | 22 |
| Midsize Enterprise | 12 |
| Large Enterprise | 28 |
Cloudflare Web Application Firewall integrates DDoS protection, load balancing, and firewall capabilities. Its ease of use, configurability, and robust security measures make it a versatile choice for protecting web applications.
Cloudflare Web Application Firewall provides a comprehensive defense against threats with advanced reporting and robust security measures. It includes DNS integration, rate limiting, and extensive rule sets, all within a SaaS model that allows API configurability. Users value its caching, scalability, and pricing, although enhancements are needed in rate-limiting and third-party integration. Improvements in customer support, especially in India, real-time controls, and user documentation are also desired. Users seek a more intuitive dashboard, better log management, and improved alert systems, along with multitenancy capabilities and enhanced reporting.
What are the key features of Cloudflare Web Application Firewall?Cloudflare Web Application Firewall finds application in industries like banking and retail by acting as a comprehensive security gateway, managing authentication and authorization while protecting web applications from malicious Layer 7 traffic. It also implements load balancing, CDN, and zero-trust policies, supported by advanced reporting, analytics tools, and threat scoring to meet specific industry needs.
Aikido Security is the no-nonsense platform that empowers developers by centralizing code-to-cloud security issues and providing rapid guidance for fixing vulnerabilities.
With over 6,000 teams utilizing its features, Aikido Security prioritizes effective security management by consolidating 11 comprehensive scans into one platform. This approach translates complex vulnerabilities into understandable insights, targeting non-enterprise SaaS businesses with engineering teams of 10-500 developers. It focuses on delivering security management without excessive costs or complexity through a product-led growth model.
What are the standout features of Aikido Security?In industries like software development and cloud services, Aikido Security is implemented to provide clear insights, enabling teams to focus on rapid product growth while maintaining robust security. Its product-led growth strategy, including a freemium offering, allows developers to experience benefits firsthand without initial investment.
AWS WAF provides configurable rules, integration with AWS services, and scalable protection against web threats like SQL injections and DDoS attacks. Its automation and reliable performance are highly valued by users.
AWS WAF is a web application firewall offering significant security features like geo-restriction, custom rules, and IP filtering. Designed for seamless orchestration within AWS environments, it facilitates easy configuration and threat automation. Users benefit from its security policies, enhancing application performance by protecting against threats such as cross-site scripting. Despite its strengths, there is a call for enhanced user interfaces, better documentation, flexible pricing, and improved support. Expanding features like real-time analysis, bot protection, and AI integration can further elevate its utility.
What are the key features of AWS WAF?AWS WAF is extensively used in industries hosting applications on AWS, protecting sensitive data, and monitoring for unauthorized access. Custom and managed rules help cater to infrastructure needs, serving a vital role in maintaining application security across various sectors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.