WAFDOG is a WAF ruleset quality assurance platform provided by Gutknecht Moore GmbH. It is positioned as a vendor-neutral SaaS for Web Application Firewall validation, migration, monitoring, and alerting. It is not an inline WAF that directly handles and blocks production traffic; instead, it helps organizations verify whether rules are actually working, whether changes introduce regressions, and how to reduce risk when migrating between WAF vendors.
The platform is built around projects, applications, checks, and result history. After adding a hostname, users must complete ownership verification before enabling Uptime, DNS, SSL, HTTP, Header, WAF checks, and WAF profiling. Key strengths include versioned checks, reproducible testing, baseline comparisons against a payload library, and human-readable reports that trace rule changes back to specific test runs. Deployment is SaaS-based, with public Guestcheck/Quickcheck options also available for no-login or temporary debugging use.
WAFDOG provides a dashboard, project teams, roles, API tokens, read-only sharing links, check history, mute controls, email alerts, and credit warnings. The documentation also mentions API v3, automation, SSO/SAML, and longer retention options, making it suitable for integration into existing operations and security workflows. Its terms define service hours as German business days from 7:00 to 20:00, with an average monthly availability commitment of 99.2% during that period. The service may still be available outside those hours, but there is no explicit availability guarantee.
Pricing follows a credit-based prepaid model, where credits are consumed based on check type and interval. Top-ups are made in EUR, with PayPal credited instantly; other payment methods require written agreement. BASIC is around β¬950/year, PROFESSIONAL around β¬4,498/year, and ENTERPRISE requires contacting sales. Both credits and bonus credits are valid for 365 days. The public materials reviewed do not disclose compliance certifications such as ISO 27001 or SOC 2.
Its advantages are vendor neutrality, reproducibility, and strong fit for rule regression testing, audit evidence, and WAF migration assessment. The credit system and calculator also make costs relatively transparent. Limitations include the fact that it cannot replace actual protection products such as Cloudflare, AWS WAF, or Alibaba Cloud WAF, and its payment options, SLA, and compliance disclosures are relatively limited. It is best suited for enterprise security and platform teams that already operate WAFs, manage many applications, and make frequent rule changes.
The public materials do not provide information on mainland China network reachability, ICP filing, local nodes, or RMB payment options, so access from China is currently unknown. Chinese companies considering procurement should carefully verify access stability, PayPal/cross-border payments, invoicing, and data compliance. Alternative or complementary options include Alibaba Cloud WAF, Tencent Cloud WAF, Chaitin SafeLine WAF, as well as Cloudflare and AWS WAF.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on linon.net official site.
linon.net is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach linon.net directly.