From dc7192b6df0349f1549367a99a83bc3f8247369c Mon Sep 17 00:00:00 2001
From: Issa Qandil <issa@qandil.me>
Date: Sat, 7 Mar 2026 03:41:30 +0400
Subject: [PATCH] Add WAFtester to Testing section

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 5467d34..a6dbc4c 100644
--- a/README.md
+++ b/README.md
@@ -227,6 +227,7 @@ Testing is an essential element of a DevSecOps program because it helps to prepa
 * [ShiftLeft Scan](https://slscan.io)
 * [Snyk](https://snyk.io)
 * [SourceClear](https://www.sourceclear.com)
+* [WAFtester](https://github.com/waftester/waftester) - WAF security testing CLI with 2800+ attack payloads, 197+ WAF vendor detection, bypass discovery with 70+ evasion techniques, and CI/CD integration via SARIF/SonarQube/GitLab SAST output.
 
 
 ## Alerting