WAF Bypass Techniques Using HTTP Standard and Web Servers' Behavior
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore creative techniques for bypassing web application firewalls (WAFs) in this 43-minute conference talk from OWASP AppSec EU 2018. Learn how to leverage HTTP standards and web server behaviors to smuggle and reshape HTTP requests, enabling penetration testers and bug bounty hunters to circumvent WAF protections. Discover methods such as request encoding and HTTP pipelining that exploit the limitations of blacklist-based WAF solutions. Gain insights into defensive strategies and understand why developers should not rely solely on WAFs for security. The talk introduces an open-source Burp Suite extension for assessing and bypassing WAFs, with ongoing improvements planned through the http.ninja project.
Syllabus
WAF Bypass Techniques Using HTTP Standard and Web Servers’ Behavior - Soroush Dalili
Taught by
OWASP Foundation
Related Courses
HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges (Black Hat via YouTube)
HTTP Desync Attacks - Request Smuggling Reborn (Black Hat via YouTube)
Request Smuggling 101 (NorthSec via YouTube)
Ekoparty #UniTalks Colombia - HTTP Request Smuggling (Ekoparty Security Conference via YouTube)
Practical Attacks Using HTTP Request Smuggling (NahamSec via YouTube)