PickYourTechPickYourTech home

Best WAF & API Security Tools

Web application firewalls and API security gateways to protect against attacks.

7 open-source projects3 SaaS products

Top Open Source WAF & API Security platforms

View all 7 open-source options
SafeLine logo

SafeLine

Self‑hosted WAF that shields web apps from attacks

WAF & API Security
Stars
20,811
License
GPL-3.0
Last commit
4 months ago
GoStable
Anubis logo

Anubis

Lightweight web firewall that blocks AI scrapers with challenge tests

WAF & API Security
Stars
17,520
License
MIT
Last commit
6 days ago
GoActive
BunkerWeb logo

BunkerWeb

Secure your web services by default with a flexible WAF

WAF & API Security
Stars
10,110
License
AGPL-3.0
Last commit
1 day ago
PythonActive
ModSecurity logo

ModSecurity

High-performance, language-agnostic security engine for web traffic

WAF & API Security
Stars
9,540
License
Apache-2.0
Last commit
13 days ago
C++Active
Coraza logo

Coraza

High-performance Go-based WAF compatible with OWASP CRS v4

WAF & API Security
Stars
3,328
License
Apache-2.0
Last commit
13 hours ago
GoActive
UUSEC WAF logo

UUSEC WAF

Industrial‑grade AI‑powered WAF with zero‑day defense and scalable protection

WAF & API Security
Stars
1,604
License
BSD-2-Clause
Last commit
6 days ago
LuaActive
Most starred project
SafeLine
20,811★

Self‑hosted WAF that shields web apps from attacks

Recently updated
Coraza
13 hours ago

Coraza delivers enterprise‑grade web application firewall protection using ModSecurity SecLang rules and full OWASP Core Rule Set v4 compatibility, with a focus on performance and extensibility.

Dominant language
Go • 4 projects

Expect a strong Go presence among maintained projects.

Leading WAF & API Security SaaS platforms

AWS WAF logo

AWS WAF

Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules

WAF & API Security
Alternatives tracked
6 alternatives
Azure Web Application Firewall logo

Azure Web Application Firewall

Cloud-native WAF service that protects web apps from common attacks (SQL injection, XSS) by filtering malicious HTTP/S traffic

WAF & API Security
Alternatives tracked
6 alternatives
Sophos logo

Sophos

Unified threat management and endpoint security

WAF & API Security
Alternatives tracked
5 alternatives
Most compared product
AWS WAF
6 open-source alternatives

AWS WAF (Web Application Firewall) is a web security service that helps protect web applications and APIs from common web exploits such as SQL injection and cross-site scripting by allowing you to configure custom security rules. It integrates with services like Amazon CloudFront, ALB, and API Gateway, enabling users to filter and block malicious HTTP(S) traffic at the edge and monitor requests, thereby improving application security against bots and attacks.

Leading hosted platforms
AWS WAF, Azure Web Application Firewall, Sophos

Frequently replaced when teams want private deployments and lower TCO.