1. Intro
2. What is FTW
3. Goals of FTW
4. How we do FTW
5. Real Rule
6. How we use FTW
7. Stop Go Message
8. Core Ruleset
9. Ruleset Tests
10. Commit Tests
11. PowerPoint Presentation
12. Christian
13. Fastly
14. Issues
15. Chaining
16. Bypass
17. Session Fixation
18. Tool Chain
19. Future Steps
20. Additional Resources
Description:
Explore a modern DevOps approach to security testing Web Application Firewalls (WAFs) in this conference talk from AppSecUSA 2017. Learn about the Framework for Testing WAFs (FTW) project, which provides an extendable framework for objectively reviewing WAF effectiveness. Discover how to design and implement tests using YAML format, leveraging the OWASP Core Ruleset Version 3 as a benchmark for web attacks and defenses. Gain insights into the architecture of the code, including the use of Py.test for testing and continuous integration strategies. Examine real-world use cases, including regression testing for the ModSecurity team and shipping WAF rules for customers on the edge. Understand the importance of applying security to the Software Development Life Cycle (SDLC) of WAF deployments and explore the journaling feature for comprehensive pentest reports.

WAFs FTW! A Modern DevOps Approach to Security Testing Your WAF

OWASP Foundation