Hi,
I work for Incapsula. Yesterday we've addressed this study in our blog.
<a href="http://www.incapsula.com/the-incapsula-blog/item/699-incapsula-pentested-review" rel="nofollow">http://www.incapsula.com/the-incapsula-blog/item/699-incapsu...</a><p>To make a long story short, this detailed report helped us introduce several patches to our WAF - but we feel that some of the issues were mostly theoretical and patching them can lead to security eroding false positives.<p>ModSecurity is a great security solutionand we are happy to be compared to it. We feel that we perhaps offer a more complete package (bot filtering, acceleration, user friendly GUI and easy setup, support, etc).<p>Still, you can't beat Free and if you are looking for OS security solution, ModSecurity is defiantly a name you should consider.<p>On a personal note, I wish that more vendors would take security a bit more seriously - especially if they claim to provide it to thousands of clients.<p>Web evolution is motivated by consumer trust and if we loose this trust we will also loose the cash flow that keeps Internet evolving.<p>Providing faulty security will do just that.