SecureIQLab Cloud Web Application Firewall V4.0 Test Q1 2025

Test Lab

SecureIQLab

Test Title

AMTSO Test ID

AMTSO-LS1-TP127

Platform

Gateway/Firewall

Vendor

Akamai, AWS, Barracuda, Check Point, Cloudflare, Fortinet, Imperva, Microsoft, Prophaze, Traceable, Ubika

Publication date

2025-05-05

Tested products

Vendor	Product	Vendor status
Akamai	App and API Protector	included
AWS	AWS WAF & API Shield Gateway	included
Barracuda	Application Protection	included
Check Point	Cloudguard WAF	included
Cloudflare	Cloudflare WAF	included
F5	(Not disclosed)	included
Fastly	(Not disclosed)	included
Fortinet	FortiWeb Web Application Firewall WAF VM (BYOL) v7.3	included
Google	(Not disclosed)	included
Imperva	Web Application & API Protection	participant
Microsoft	Web Application & API Protection	included
Prophaze	Appsec WAF as a Service	included
Radware	(Not disclosed)	included
Traceable	Traceable Cloud WAAP	included
Ubika	Ubika WAAP Gateway Cloud v6.15.0	included

AMTSO Standard compliance info

Notification issued

2024-09-20

Notification method

Publicly posted test plan, Contact list notification

Test plan

Commencement date

2025-01-06

Participants

These Vendors chose to adopt Participant status under the AMTSO Standard, gaining certain guaranteed rights in return for attestations.

“Included” Vendors

These Vendors did not chose to adopt Participant status under the AMTSO Standard, but may have engaged with the test lab in other ways.

Commentary dates

Commentary	Start date	End date
Phase 1 Commentary	2025-01-06	2025-06-16
Phase 2 Commentary	2025-06-16	2025-06-30

Commentary received

Vendor	Commentary phase	Comment
Imperva	Phase 2	As with previous editions, this one was well executed. I would just like to mention that the false positive avoidance tests perhaps deserve to be more discriminating, as most of the vendors obtained a fairly high score (average of 97.91%), even though this is a criterion that has a particularly strong impact on the operational effectiveness of the solutions.