Archive for February 20th, 2013

CloudFlare vs Incapsula vs ModSecurity – A Comparative Penetration Testing Analysis Report

This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three ‘leading’ web application firewall solutions. Our goal was to bypass the security controls in place by any means we could, circumventing whatever filters they had. This report also outlines the setup and configuration process, as well as a detailed security assessment.


Direct download: http://zeroscience.mk/files/wafreport2013.pdf

Update response:

Incapsula: http://www.incapsula.com/the-incapsula-blog/item/699-incapsula-pentested-review
ModSecurity: http://permalink.gmane.org/gmane.comp.apache.mod-security.user/10035
CloudFlare: http://blog.cloudflare.com/heuristics-and-rules-why-we-built-a-new-old-waf