Overview, Goals, and Classification
SecureIQLab is a U.S.-based independent, third-party security solution validation and advisory provider.
SecureIQLab completed testing for 14 of the leading enterprise-class cloud web application firewall (WAF) products to determine their security efficacy and operational efficiency. Testing was conducted in accordance with the standards of the Anti-Malware Testing Standards Organization (AMTSO).
This report discusses the test results for the Amazon Machine Image deployed Fortinet FortiWeb-AWS Web Application Firewall, 7.0.3, build 0111.
Fortinet earned a 96% Complete Security score. This is significantly higher than the average score of 73%.
OWASP Tactics and Techniques
The majority of the attacks conducted against the cloud WAF product under test were tactics and techniques identified by OWASP for the exploitation of applications.
Cloud-based web application firewalls (WAFs) are designed to protect web applications without interrupting business continuity in the cloud-first world. This test of cloud WAFs is intended to evaluate these products’ effectiveness in mitigating these challenges.
Operational efficiency was evaluated and rated for six critical operational capabilities, and the report includes a rating for FortiWeb-AWS Web Application Firewall and for the average of all products evaluated.