SecureIQLab Cloud Web Application Firewall (WAF) CyberRisk Validation

Test Lab


Test Title

SecureIQLab Cloud Web Application Firewall (WAF) CyberRisk Validation






AWS, Barracuda, Cloudflare, F5, Fortinet, Imperva, Prophaze, Sitelock, Stackpath

Publication date


Statement from Test Lab

Attackers have moved up the stack. They are no longer simply attacking the web server and its underlying operating systems; they are attacking the web applications running on the web server that are front-ending critical corporate data. Such applications are often incredibly complex and difficult to secure effectively, and simple coding errors can render them wide open to remote exploits. To help organizations regain the upper hand against current attacks, SecureIQLab has undertaken the validation of popular web application firewalls in an effort to help enterprises understand the return on security investment for WAF solutions and evolve their network defenses to prevent web servers and their applications from being exploited.

Tested products

VendorProductVendor status
AWSAWS WAFincluded
BarracudaBarracuda CloudGen WAF for AWS - PAYGincluded
CloudflareCloudflare WAFincluded
FortinetFortinet FortiWeb WAF - AWSparticipant
F5F5 Advanced WAF with LTM, IPI, and Threat Campaignsincluded
ImpervaImperva Incapsula: FlexProtect pro for Application Securityincluded
ProphazeProphaze Cloud WAFincluded
SitelockSitelock TrueShield Enterprise WAFincluded
StackpathStackpath WAFparticipant

AMTSO Standard compliance info

Notification issued


Notification method

Publicly posted test plan, Contact list notification

Test plan

Commencement date



These Vendors chose to adopt Participant status under the AMTSO Standard, gaining certain guaranteed rights in return for attestations.

“Included” Vendors


These Vendors did not chose to adopt Participant status under the AMTSO Standard, but may have engaged with the test lab in other ways.

Commentary dates
CommentaryStart dateEnd date
Phase 1 Commentary2021-06-152021-06-23
Phase 2 Commentary2021-10-072021-10-22

AMTSO Standard compliance status

Confirmed compliant with AMTSO Standard v1.3Compliance report