https://0d2d0d50.website-1u6.pages.dev/tags/ftw/Recent content in CRS Projecthttps://0d2d0d50.website-1u6.pages.dev/20171214/practical-ftw-testing-the-core-rule-set-or-any-other-waf/Thu, 14 Dec 2017 09:40:01 +0100<p>Back in August and September, Chaim Sanders <a href="https://0d2d0d50.website-1u6.pages.dev/20170810/testing-wafs-ftw-version-1-0-released/">introduced</a> <a href="https://0d2d0d50.website-1u6.pages.dev/20170915/writing-ftw-test-cases-for-owasp-crs/">FTW</a>, a Framework to Test WAFs via two blost posts. Existing unit testing frameworks are not really suitable for this purpose as they do not grant you enough control over the requests and the ability to look at the WAF log that needs to be bolted on. Chaim teamed with Zack Allen and Christian Peron from Fastly to create this. So FTW was developed with exactly our use case in mind. Time to really understand this and to start using it.</p>