Search Imperva Community for
Dear Community members,We recently had a pentest on an on-premise hosted & containerized webapp, which is protected by an On-Premsie WAF.
The pentester was able to upload an EICAR test file through the webform (multipart/form-data). After reviewing the WAF alerts filtered on this webapp, I can't find it. Therefore I assume either there isn't any signature on the WAF related to the EICAR pattern, or it's not included in different policies applied on this webapp.
From this introduction :- is there an existing Imperva ADC object or policy related to EICAR ?- beyond EICAR test file itself, is it the good approach to rely on the WAF to prevent all malicious files to be sent by the webform ? If it is, how can I be sure that I'm applying the right policies for this scenario ?Thank you in advance for your help,
or Contact Us
Copyright @ 2019 Imperva. All rights reserved