Incapsula's WAF continues to have an advantage over CloudFlare's WAF. We should also mention that only Incapsula's WAF is PCI-Certified, which is an advantage for certain types of online businesses.
While CloudFlare's new WAF solution showed substantial improvement since the first penetration test, it still does not provide the comprehensive level of security against certain types of web application attacks (e.g., SQL injection, Remote File Inclusion) that many online businesses today require.
We noticed the high block ratio of XSS attacks, but of all the types of attacks, the main focus was on Cross-Site Scripting. The SQL Injection, Local and Remote File Inclusion, and Remote Code/Command Execution attacks had a very low detection rate by the CloudFlare WAF.
Incapsula, on the other hand, has shown consistent security performance in both tests, with a high block ratio and few false-positives.
Link: http://www.exploit-db.com/wp-content/themes/exploit/docs/29315.pdf