This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three ‘leading’ web application firewall solutions. Our goal was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment We've chosen to test three Web Application Firewall services offered by three different vendors including Trustwave SpiderLabs ModSecurity, CloudFlare and Incapsula. Given that ModSecurity is free, we signed up for both CloudFlare and Incapsula paid Business plan. They have noticeably different prices for their paid plans. CloudFlare Business Plan is $200/month (the WAF is also available in the Pro Plan, for $20/month). Incapsula Business Plan is $59/month.
Download the entire PDF here: http://zeroscience.mk/blog/02/2013/cloudflare-vs-incapsula-vs-modsecurity-a-comparative-penetration-testing-analysis-report/
tl;dr:
