YoVDO

WAF Bypass Techniques Using HTTP Standard and Web Servers' Behavior

Offered By: OWASP Foundation via YouTube

Tags

Web Application Firewalls Courses Penetration Testing Courses Bug Bounty Courses Burp Suite Courses Web Security Courses HTTP Request Smuggling Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore creative techniques for bypassing web application firewalls (WAFs) in this 43-minute conference talk from OWASP AppSec EU 2018. Learn how to leverage HTTP standards and web server behaviors to smuggle and reshape HTTP requests, enabling penetration testers and bug bounty hunters to circumvent WAF protections. Discover methods such as request encoding and HTTP pipelining that exploit the limitations of blacklist-based WAF solutions. Gain insights into defensive strategies and understand why developers should not rely solely on WAFs for security. Introduces an open-source Burp Suite extension for assessing and bypassing WAFs, with ongoing improvements planned through the http.ninja project.

Syllabus

WAF Bypass Techniques Using HTTP Standard and Web Servers’ Behavior - Soroush Dalili


Taught by

OWASP Foundation

Related Courses

Learn Admin Fundamentals in Marketing Cloud
Salesforce via Trailhead Basic Cryptography and Programming with Crypto API
University of Colorado System via Coursera User Authentication & Authorization in Express
Codecademy Introduction to Web Authentication
World Wide Web Consortium (W3C) via edX Escudo Digital: Ciberseguridad para Protección de Datos y Sistemas
Universidad Anáhuac via edX