What is WAF profiling?
WAF profiling executes payload libraries against a target path and compares results to a baseline response.
Requirements
- You need a verified application.
- Choose a target path that represents the protected entry point.
- Select relevant payload categories.
Configure a profile
Define targets, payload categories, and run limits before starting a profile.
Run and interpret results
- Baseline requests capture expected behavior.
- Responses to payload requests are compared to the baseline status and body.
- Blocked or anomalous responses are highlighted.
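Added example (not the product's own logic): a minimal Python sketch of the baseline comparison described above, run on constructed responses with no requests sent. The block statuses, the similarity threshold, the verdict names and the category labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

# Assumptions for this sketch, not values taken from the product:
BLOCK_STATUSES = {403, 406, 429}  # statuses treated as a WAF block
BODY_SIMILARITY_MIN = 0.90        # below this ratio the body counts as changed

@dataclass
class Response:
    status: int
    body: str

def classify(baseline: Response, observed: Response) -> str:
    """Return 'blocked', 'anomalous' or 'passed' relative to the baseline."""
    # A block status only means "blocked" if the baseline did not return it too.
    if observed.status != baseline.status and observed.status in BLOCK_STATUSES:
        return "blocked"
    if observed.status != baseline.status:
        return "anomalous"
    # Same status: a block page served with the baseline status shows up in the body.
    similarity = SequenceMatcher(None, baseline.body, observed.body).ratio()
    return "passed" if similarity >= BODY_SIMILARITY_MIN else "anomalous"

def summarize(baseline, results):
    """Count verdicts per payload category: {category: {verdict: count}}."""
    summary = {}
    for category, response in results:
        verdict = classify(baseline, response)
        counts = summary.setdefault(category, {})
        counts[verdict] = counts.get(verdict, 0) + 1
    return summary

# Constructed sample data; category labels are placeholders.
BODY_OK = "<html><body>Search results for: shoes (12 items)</body></html>"
BASELINE = Response(200, BODY_OK)
RESULTS = [
    ("sqli", Response(403, "<html><body>Request blocked</body></html>")),
    ("sqli", Response(200, BODY_OK)),
    ("xss", Response(500, "Internal Server Error")),
    ("xss", Response(200, "<html><body>Access denied by policy. Ref 0000</body></html>")),
]

if __name__ == "__main__":
    for category, counts in summarize(BASELINE, RESULTS).items():
        print(category, counts)
```

The last constructed response shows why the body is compared as well as the status: a block page returned with the baseline status would otherwise be counted as passed.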
Best practices
- Start with a small payload set, then expand.
- Keep the baseline path stable between runs.
- Reduce run rate if the target is sensitive to load.