- Stars
- 19,414
- License
- GPL-3.0
- Last commit
- 1 month ago
GoActive
Best WAF & API Security Tools
Explore leading tools in the WAF & API Security category, including open-source options and SaaS products. Compare features, use cases, and find the best fit for your workflow.
6 open-source projects · 3 SaaS products
Top open-source WAF & API Security
These projects are active, self-hostable choices for knowledge management teams evaluating alternatives to SaaS tools.
- Stars
- 9,502
- License
- AGPL-3.0
- Last commit
- 3 days ago
PythonActive
- Stars
- 9,324
- License
- Apache-2.0
- Last commit
- 15 days ago
C++Active
- Stars
- 3,095
- License
- Apache-2.0
- Last commit
- 4 days ago
GoActive
UUSEC WAF
Industrial‑grade AI‑powered WAF with zero‑day defense and scalable protection
- Stars
- 1,512
- License
- BSD-2-Clause
- Last commit
- 5 days ago
LuaActive
- Stars
- 672
- License
- AGPL-3.0
- Last commit
- 16 days ago
GoActive
Recently updated
3 days ago
Deploy BunkerWeb to instantly secure web services with default HTTPS, hardened headers, bot challenges, and a user‑friendly web UI, while supporting Docker, Swarm, Kubernetes, and Linux environments.
Popular SaaS Platforms to Replace
Understand the commercial incumbents teams migrate from and how many open-source alternatives exist for each product.
AWS WAF
Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules
WAF & API Security
Alternatives tracked
6 alternatives
Azure Web Application Firewall
Cloud-native WAF service that protects web apps from common attacks (SQL injection, XSS) by filtering malicious HTTP/S traffic
WAF & API Security
Alternatives tracked
6 alternatives
Sophos
Unified threat management and endpoint security
WAF & API Security
Alternatives tracked
6 alternatives
Most compared product
6 open-source alternatives
AWS WAF (Web Application Firewall) is a web security service that helps protect web applications and APIs from common web exploits such as SQL injection and cross-site scripting by allowing you to configure custom security rules. It integrates with services like Amazon CloudFront, ALB, and API Gateway, enabling users to filter and block malicious HTTP(S) traffic at the edge and monitor requests, thereby improving application security against bots and attacks.
Leading hosted platforms
Frequently replaced when teams want private deployments and lower TCO.
Explore related categories
Browse neighbouring categories in Security to widen your evaluation.
- Application Security Testing (SAST/DAST/SCA)Static/dynamic analysis and dependency (SCA) scanning for application vulnerabilities.
- Compliance Automation & GRCAutomated controls, evidence collection and audits for SOC 2, ISO 27001, HIPAA and more.
- Container SecurityContainer image scanning and Kubernetes security tools for supply chain protection.
- Data Discovery & ClassificationSensitive data discovery, classification and privacy compliance across data stores.
- Identity & SSOIdentity and single sign-on (SSO) servers for authentication and user management.
- Secrets ManagementVaults and key management systems for secure storage of credentials and secrets.