"The solution is stable."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"This is not a product that you need to install. You just use it."
"The most valuable features are the geo-restriction denials and the web ACL."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"AWS has flexibility in terms of WAF rules."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"Tenable.io Web Application Scanning is very easy to use."
"I would like to see it more tightly integrated with other AWS services."
"We don't have much control over blocking, because the WAF is managed by AWS."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"It's a bit difficult to apply the right rules for the right security."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"We haven't faced any problems with the solution."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."
"It would be great if there were a dashboard that is more user-friendly."
"The reporting has a very limited customization capability."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.
AWS WAF is ranked 5th in Web Application Firewall (WAF) with 12 reviews while Tenable.io Web Application Scanning is ranked 20th in Application Security with 3 reviews. AWS WAF is rated 7.6, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of AWS WAF writes "Use this product to make it possible to deploy web applications securely". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Good reporting and integration, but it needs a user-friendly dashboard". AWS WAF is most compared with Microsoft Azure Application Gateway, Imperva Web Application Firewall, Azure Front Door, Akamai Kona Site Defender and F5 BIG-IP Local Traffic Manager (LTM), whereas Tenable.io Web Application Scanning is most compared with PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Acunetix by Invicti, Veracode and HCL AppScan.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.