We performed a comparison between AWS WAF and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF)."The access instruction feature is the most valuable. This is what we use the most."
"We do not have to maintain the solution."
"The product’s availability, ease of configuration, and documentation are valuable."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"It is Amazon. Everything is scalable. It is beyond what we need."
"This product supplies options for web security for applications accessing sensitive information."
"The solution's initial setup process is easy."
"The solution is stable."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"We can get detailed information about vulnerabilities."
"The initial setup is straightforward."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"It is fully automated."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"The price could be improved."
"The cost must be reduced."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"The product must provide more features."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"I would like to see it more tightly integrated with other AWS services."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The solution's dashboards could be improved and made more user-friendly."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"The report customization needs to be better."
"The dashboard could be more user-friendly."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"The platform's technical support services could be better."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. AWS WAF is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Fortinet FortiWeb, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and HCL AppScan.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.