h@cktivitycon 2020: WAF Bypass In Depth

Firewall Bypass

As WAFs grow in complexity, they become increasingly resilient to attacks. However, although the level of determination required has greatly risen in recent years, WAFs are always bypassable. We will provide practical insight into how WAFs operate and introduce novel bypass techniques that can make it a piece of cake to demonstrate the impact of cross-site scripting (XSS) vulnerabilities when behind WAFs. Reflected XSS is a valid vulnerability regardless of the presence of a WAF.