Braze Public BB

  • $300 – $5,000 per vulnerability

WAF POC Testing

Last week we started a POC of the Cloudflare WAF on the subdomain bug-bounty.braze.com, and it has been in Logging Only mode since. Starting today, March 3rd, we will be turning the WAF on to Enforcement/Blocking mode for 7 days as the final portion of the POC for the WAF.

I would like to request that people use the subdomain bug-bounty.braze.com to access the server for the Public Program, so that I can get as much data as possible for the evaluation of the WAF. If you do not want to go up against the WAF in your testing, you are able to access the server on the original in-scope URL: http://security-testing-env-dashboard.k8s.test-001.d-usw-2.braze.com (the WAF is not configured on this subdomain). The POC for the WAF in blocking mode will only last for about 7 days, and will then be removed. But as stated, please spend at least some of your testing time on the bug-bounty.braze.com subdomain so that I can get the data required to properly evaluate the WAF.

If you have any questions, comments or concerns, you can reach out to me here on the Slack instance for the Bug Bounty Program, via email at thomas.devoss@braze.com, or by reaching out to security@braze.com. Please only email security@braze.com if it is a very important request, and after you have tried to reach out to me directly here and via email. Thank you all for taking the time to help secure the Braze services and protect our users.