Dear Community members,
We recently had a pentest on an on-premise hosted & containerized webapp, which is protected by an On-Premise WAF.
The pentester was able to upload an EICAR test file through the webform (multipart/form-data). After reviewing the WAF alerts filtered on this webapp, I can't find it. Therefore I assume either there isn't any signature on the WAF related to the EICAR pattern, or it's not included in different policies applied on this webapp.
From this introduction:
- Is there an existing Imperva ADC object or policy related to EICAR?
- Beyond the EICAR test file itself, is it a good approach to rely on the WAF to prevent all malicious files from being sent through the webform? If it is, how can I be sure that I'm applying the right policies for this scenario?
Thank you in advance for your help,
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Ugo Schoellkopf
Amer Sports
------------------------------