Confessions of a WAF Developer - Protocol-Level Evasion of Web App Firewalls

Black Hat via YouTube

Classroom Contents

  1. Intro
  2. True Evasion Story
  3. Impedance Mismatch
  4. Protocol-Level Evasion Overview
  5. Virtual Patching
  6. Attacking Patch Activation
  7. Self-Contained ModSecurity Rules
  8. Backend Feature Variations
  9. Path Parameters Again
  10. Short Filenames on Windows
  11. Path Evasion against IIS 5.1
  12. Path Handling of Major Platforms
  13. Tricks with PHP Parameter Names
  14. Invalid URL Encoding
  15. Content Type Evasion
  16. ModSecurity Bypass
  17. Multipart Format Overview
  18. ModSecurity CRS Bypass
  19. Content-Type Evasion
  20. PHP Source Code
  21. Boundary Evasion
  22. Parameter Type Evasion
  23. Multipart Evasion Summary
