2026 WAF Comparison: How Padding Evasion Attacks Are Changing the Game
Check Point's testing revealed that most WAFs are vulnerable to new padding-based attacks like React2Shell. Only two solutions provided full coverage, while others either missed threats or blocked legitimate traffic.
Architectural Limitations of Traditional WAFs
Traditional WAFs relying on signature-based analysis are showing growing limitations against sophisticated malware. Tests from 2024-25 already highlighted this issue, but in 2026, the introduction of the Padding Evasion attack vector completely changed evaluation criteria. This technique lets attackers hide malicious code in massive amounts of "junk" data, bypassing standard 8-128 KB inspection buffers.
Key Metrics: Security vs. Detection
When choosing a WAF, two critical parameters often clash:
- Security Quality (True Positive Rate) — the ability to accurately identify and block malicious requests.
- Detection Quality (False Positive Rate) — the ability to let legitimate traffic through without false alarms.
An ideal WAF balances both. For objective evaluation, we use Balanced Accuracy — the average of these two metrics.
Testing Results for Top WAFs
In December 2025, Check Point tested 13 configurations of popular WAFs, including solutions from Microsoft Azure, AWS, Cloudflare, F5, Google, Fortinet, and Imperva. Tests used:
- 1,040,242 legitimate HTTP requests from 692 real websites.
- 74,284 malicious combinations from common attack vectors.
Results by balanced accuracy:
- open-appsec / CloudGuard WAF (critical profile) — 99.453%
- open-appsec / CloudGuard WAF (default profile) — 99.283%
- F5 NGINX App Protect WAF — 94.071%
Extreme cases highlight the imbalance:
- Imperva Cloud WAF had excellent detection (0.009% false positives) but missed 88.03% of real threats.
- Microsoft Azure WAF blocked 97.537% of threats but triggered 54.412% false positives, disrupting app functionality.
The Padding Evasion Threat and Three WAF Behaviors
Introducing Padding Evasion datasets (using CVE-2025-55182 in React2Shell) exposed core architectural differences. Large payloads hidden in junk data test not just signature databases but request processing mechanisms. Testing revealed three behaviors:
- Fail Open — WAF inspects only part of the request (e.g., first 128 KB), misses the threat, and passes the whole thing. Result: Vulnerable to zero-days.
- Fail Close — WAF sees the request exceeds its buffer and blocks it entirely. Result: High false positives, blocking legit large requests (JSON, file uploads).
- Full Coverage — WAF analyzes the entire request body regardless of size, catching hidden threats without blocking legit traffic. Result: Optimal protection.
WAF Behavior Comparison on Padding Evasion Attacks
| WAF | Behavior on Large Requests | Result | Status |
| :--- | :--- | :--- | :--- |
| open-appsec / CloudGuard WAF | Full Coverage | Protected | ✅ |
| Google Cloud Armor | Full Coverage | Protected | ✅ |
| Microsoft Azure WAF | Fail Close | Blocks Legit Requests | ❌ |
| AWS WAF (Managed & F5 Rules) | Fail Close | Blocks Legit Requests | ❌ |
| Cloudflare WAF | Fail Open | Vulnerable to Padding Evasion | ❌ |
| F5 NGINX AppProtect | Fail Open | Vulnerable to Padding Evasion | ❌ |
| F5 BIG-IP Advanced WAF | Fail Open | Vulnerable to Padding Evasion | ❌ |
| Fortinet FortiAppSec | Fail Open | Vulnerable to Padding Evasion | ❌ |
Only open-appsec/CloudGuard and Google Cloud Armor achieved Full Coverage. Most, including Cloudflare, F5, and Fortinet, use Fail Open, leaving apps exposed. AWS and Azure opt for Fail Close, sacrificing usability for security.
Evolution of Testing Tools and Anomalies
Testing tools have evolved into a full platform with PDF reports, result visualizations, and log examples. Docker support enables quick express checks. But tests uncovered an anomaly: Imperva Cloud WAF blocked 100% of testing tool traffic, including legit requests — pointing to aggressive heuristics targeting audit tools themselves.
Key Takeaways
- Padding Evasion attacks are the new benchmark — WAFs must handle any request size to counter threats like React2Shell.
- Metric balance is essential — Picking a WAF based solely on security or detection risks vulnerabilities or downtime.
- Architecture drives outcomes — Only streaming analysis with machine learning delivers Full Coverage without performance hits.
- Configuration matters — Testing products in different modes (e.g., open-appsec) shows settings hugely impact balanced accuracy.
- Testing tools are more advanced — Modern platforms offer detailed reports for smart WAF selection and tuning.
— Editorial Team
No comments yet.