On the simulating of malicious traffic and testing Incap rules question, we often will use a test site hosted on Digital Ocean or Linode and protected by CloudWAF as the target when developing custom rules, with the traffic being created by something like Fiddler (
https://www.telerik.com/fiddler) for simple individual requests and Metasploit or similar frameworks in Kali for more involved/complex attacks.
This is used for both self study and for customer problem replication in-house, you may find these tools useful in your use-case too.
------------------------------
Stefan Pynappels
Escalation Engineer
Imperva
------------------------------
Original Message:
Sent: 10-15-2019 15:56
From: Lois Garcia
Subject: How have you built custom IncapRules to protect your applications?
I have a lot of respect for the Incapsula product and support team engineers. Nicole Banks put on some great technical meetups when I was in Silicon Valley. The integration with the Imperva name does not seem to have hurt the product at all. I hope that the company is not abandoning users, as so many other big companies do. As small companies are absorbed, there is less value on any single user or user problem and the focus is on capturing the wallets of executives, rather than on putting out a good product and customer experience.
I'm interested to hear how those using the Incapsula product have built custom IncapRules to protect your applications? Also, how are you currently simulating malicious traffic, or otherwise test IncapRules?
#CloudWAF(formerlyIncapsula)
#AllImperva
------------------------------
Lois Garcia
Lead Engineer
Target
------------------------------