Run weekly WAF security audits with WAFtester and Slack alerts

Built by Qandil Qandil
Created on June 15, 2026

Description

What it does

Automated weekly WAF security assessments with Slack reporting. Detects your WAF vendor, runs a security assessment, grades your protection, and alerts your team when the grade drops below threshold.

About WAFtester

WAFtester is an open-source CLI for testing Web Application Firewalls. It ships 27 MCP tools, 2,800+ attack payloads across 18 categories (SQLi, XSS, SSRF, SSTI, command injection, XXE, and more), detection signatures for 26 WAF vendors and 9 CDNs, and enterprise-grade assessment with F1/MCC scoring and letter grades (A+ through F).

GitHub: github.com/waftester/waftester

Who it's for

- Security teams needing continuous WAF monitoring
- DevOps engineers tracking WAF configuration drift
- Compliance teams requiring regular security assessments

How it works

The workflow has seven nodes:

1. Weekly Schedule — Triggers every Monday at 3 AM (configurable)
2. Detect WAF — Calls WAFtester's detect_waf tool to fingerprint the WAF vendor and CDN
3. Start Assessment — Launches an async assess task testing SQLi, XSS, traversal, cmdi, and SSRF
4. Wait — Pauses to let the assessment run
5. Poll Results — Calls get_task_status to retrieve completed results
6. Check Results — Routes based on the WAF grade (pass if "A" or better, fail otherwise)
7. Slack (Pass/Fail) — Posts a summary to your Slack channel with grade, detection rate, and bypass count
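
The Check Results routing described above, written as functions that could run in an n8n Code node. This is an added example, not taken from the workflow or from WAFtester: the result field names (`status`, `grade`, `detection_rate`, `bypasses`), the intermediate grade steps between A+ and F, and the target URL are assumptions. An incomplete or unparseable poll result is routed to the fail branch.

```javascript
// Added example: routing logic for the Check Results step.
// Field names (status, grade, detection_rate, bypasses) are assumed,
// not WAFtester's documented output schema.

// Best to worst. The page gives the range A+ through F; the steps in
// between are an assumption.
const GRADE_ORDER = ['A+', 'A', 'A-', 'B+', 'B', 'B-', 'C+', 'C', 'C-', 'D+', 'D', 'D-', 'F'];

function gradeRank(grade) {
  const idx = GRADE_ORDER.indexOf(String(grade ?? '').trim().toUpperCase());
  return idx === -1 ? null : idx; // null means the grade is not recognised
}

// Only a completed task with a recognised grade at or above the threshold
// passes. A poll that returns early (the Wait was too short) or a malformed
// result goes to the fail branch instead of producing a green message.
function checkResults(result, threshold = 'A') {
  const limit = gradeRank(threshold);
  if (limit === null) throw new Error(`unknown threshold grade: ${threshold}`);
  if (!result || result.status !== 'completed') {
    return { route: 'fail', reason: 'assessment not completed' };
  }
  const rank = gradeRank(result.grade);
  if (rank === null) return { route: 'fail', reason: 'missing or unrecognised grade' };
  return rank <= limit
    ? { route: 'pass', reason: `grade ${result.grade} meets threshold ${threshold}` }
    : { route: 'fail', reason: `grade ${result.grade} below threshold ${threshold}` };
}

// Slack summary text; detection_rate is assumed to be a fraction in 0..1.
function slackSummary(target, result, decision) {
  const rate = typeof result?.detection_rate === 'number'
    ? `${(result.detection_rate * 100).toFixed(1)}%` : 'n/a';
  const bypasses = Number.isInteger(result?.bypasses) ? result.bypasses : 'n/a';
  const verdict = decision.route === 'pass' ? 'PASS' : 'FAIL';
  return `[${verdict}] WAF audit for ${target}: grade ${result?.grade ?? 'n/a'}, ` +
    `detection rate ${rate}, bypasses ${bypasses} (${decision.reason})`;
}

// Constructed sample poll results (not real WAFtester output).
const samples = [
  { status: 'completed', grade: 'A+', detection_rate: 0.995, bypasses: 1 },
  { status: 'completed', grade: 'B', detection_rate: 0.875, bypasses: 14 },
  { status: 'running' },
];
for (const s of samples) {
  console.log(slackSummary('https://waf-target.example', s, checkResults(s)));
}
```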

How to set up

1. Start WAFtester MCP server:

   ```
   docker run -p 8080:8080 ghcr.io/waftester/waftester:latest mcp --http :8080
   ```
2. Set environment variables: WAF_TARGET_URL (required), WAFTESTER_MCP_URL, SLACK_CHANNEL
3. Add Slack OAuth2 credentials and select them in both Slack nodes
4. Activate the workflow

Alternatively, use the included docker-compose.yml to run both n8n and WAFtester together.

Requirements

| Requirement | Details |
|---|---|
| WAFtester MCP server | Docker image (ghcr.io/waftester/waftester:latest) or binary install |
| Slack | Workspace with OAuth2 bot credentials |
| Authorization | Only test targets you have explicit written permission to test |

How to customize

- Adjust schedule in the Weekly Schedule node
- Change grade threshold in the Check Results node
- Add attack categories in Start Assessment's categories array
- Swap Slack for email, Teams, or any n8n notification node

Nodes Used (2)

HTTP Request
n8n-nodes-base.httpRequest
Slack
n8n-nodes-base.slack