diff --git a/ddtrace/appsec/_ddwaf.pyx b/ddtrace/appsec/_ddwaf.pyx
index 21cc048b3a0..3e1bc7b1eb1 100644
--- a/ddtrace/appsec/_ddwaf.pyx
+++ b/ddtrace/appsec/_ddwaf.pyx
@@ -56,6 +56,7 @@ def version():
 
 
 cdef inline object _string_to_bytes(object string, const char **ptr, ssize_t *length):
+    ptr[0] = NULL
     if isinstance(string, six.binary_type):
         ptr[0] = PyBytes_AsString(string)
         length[0] = PyBytes_Size(string)
diff --git a/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml
new file mode 100644
index 00000000000..8b3d33b3ef0
--- /dev/null
+++ b/releasenotes/notes/asm-fix-python-2-error-reading-ddwaf-rules-d3653031f2ba84ba.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    ASM: fix Python 2 error reading WAF rules.
\ No newline at end of file
diff --git a/tests/appsec/test_processor.py b/tests/appsec/test_processor.py
index 18eb9cc47b5..80d00f45861 100644
--- a/tests/appsec/test_processor.py
+++ b/tests/appsec/test_processor.py
@@ -3,7 +3,9 @@
 
 import pytest
 
+from ddtrace.appsec._ddwaf import DDWaf
 from ddtrace.appsec.processor import AppSecSpanProcessor
+from ddtrace.appsec.processor import DEFAULT_RULES
 from ddtrace.appsec.processor import _transform_headers
 from ddtrace.constants import USER_KEEP
 from ddtrace.contrib.trace_utils import set_http_meta
@@ -159,3 +161,9 @@ def test_appsec_span_rate_limit(tracer):
         assert span1.get_tag("_dd.appsec.json") is not None
         assert span2.get_tag("_dd.appsec.json") is not None
         assert span3.get_tag("_dd.appsec.json") is None
+
+
+def test_ddwaf_not_raises_exception():
+    with open(DEFAULT_RULES) as rules:
+        rules_json = json.loads(rules.read())
+        DDWaf(rules_json)