Web Application Firewall Bypassing - DefCamp - 2016

DefCamp via YouTube

  1. DefCamp: Web Application Firewall Bypassing - an approach for pentesters. SECURITY CONSULTANT, EUROSEC - SECURITY SINCE 1998
  2. NORMALIZATION FUNCTIONS: Simplify the writing of rules • No knowledge about the different forms of input is needed
  3. INPUT VALIDATION: Security models define how to enforce rules • Rules consist of regular expressions • Three security models: 1. Positive Security Model 2. Negative Security Model 3. Hybrid Security M…
  4. Bypassing Methods and Techniques
  5. SKIPPING PARAMETER VERIFICATION: PHP removes whitespace from parameter names or transforms it into underscores
  6. APPROACH FOR PENETRATION TESTERS
  7. PHASE 0 - DISABLE WAF: Objective: find security flaws in the application more easily; the assessment of the security level of an application is more accurate
  8. RECONNAISSANCE: Objective: gather information to get an overview of the target - basis for the subsequent phases. Gather information about - web server, programming language - WAF & security model - Inte…
  9. ATTACKING THE PRE-PROCESSOR: Objective: make the WAF skip input validation • Identify which parts of an HTTP request are inspected by the WAF to develop an exploit: 1. Send individual requests that diff…
  10. FINDING AN IMPEDANCE MISMATCH: Objective: make the WAF interpret a request differently than the back end, so that it does not detect the attack. Knowledge about back-end technologies is needed
  11. BYPASSING THE RULE SET: Objective: find a payload that is not blocked by the WAF's rule set
  12. OTHER VULNERABILITIES: Objective: find other vulnerabilities that cannot be detected by the WAF • Broken authentication mechanism • Privilege escalation
  13. AFTER THE PENTEST: Objective: inform the customer about the vulnerabilities • Advise the customer to fix the root cause of a vulnerability • For the time being the vulnerability should be virtually patched by…
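The PHP parameter-name behaviour in slide 5 is an instance of the impedance mismatch slide 10 describes: the WAF and the back end read the same request differently. The following is an added example, not code from the talk or its slides. It models PHP's documented mapping of query-string keys to `$_GET` keys (leading spaces dropped, remaining spaces and dots turned into underscores; PHP's open-bracket rule is left out), beside a hypothetical WAF that applies its injection rule only to parameters whose raw name is on a protected list, and the same WAF after it normalizes names the way the back end does. The rule regex, the protected-parameter list and the payload are all constructed for the example.

```python
import re
from urllib.parse import parse_qsl

# Constructed negative-model rule: a deliberately small SQLi signature.
SQLI_RULE = re.compile(r"(?i)\bunion\b.*\bselect\b")

# Hypothetical WAF design: only values of these parameter names are inspected.
PROTECTED = ("id",)


def php_normalize_name(raw_name: str) -> str:
    """Model of PHP's handling of external variable names (per the PHP manual
    and php_variables.c): leading spaces are dropped, then every remaining
    space or dot becomes '_'.  The open-bracket rule is left out of this model."""
    name = raw_name.lstrip(" ")
    return name.replace(" ", "_").replace(".", "_")


def backend_get(query: str) -> dict:
    """What the PHP application finds in $_GET for a raw query string."""
    return {php_normalize_name(k): v
            for k, v in parse_qsl(query, keep_blank_values=True)}


def naive_waf_blocks(query: str) -> bool:
    """Hypothetical WAF that compares the protected list against the *raw* key.
    A key such as ' id' is not 'id' to the WAF, but is 'id' to PHP."""
    for raw_name, value in parse_qsl(query, keep_blank_values=True):
        if raw_name in PROTECTED and SQLI_RULE.search(value):
            return True
    return False


def hardened_waf_blocks(query: str) -> bool:
    """Same rule, but the key is normalized like the back end does before matching,
    which closes this particular mismatch."""
    for raw_name, value in parse_qsl(query, keep_blank_values=True):
        if php_normalize_name(raw_name) in PROTECTED and SQLI_RULE.search(value):
            return True
    return False


# Constructed requests (query strings as they would appear on the wire).
PAYLOAD = "1%20UNION%20SELECT%20user,pass%20FROM%20users"
DIRECT = "id=" + PAYLOAD        # raw name is 'id': the naive WAF blocks it
SPACED = "%20id=" + PAYLOAD     # raw name is ' id': slips past the naive WAF
PLUSSED = "+id=" + PAYLOAD      # '+' decodes to a space: same effect

if __name__ == "__main__":
    for q in (DIRECT, SPACED, PLUSSED):
        print(f"{q!r:52} naive={naive_waf_blocks(q)!s:5} "
              f"hardened={hardened_waf_blocks(q)!s:5} backend={backend_get(q)}")
```

The point for a pentester is the check, not the regex: send the same payload under `id`, `%20id` and `+id`, and compare what the WAF does with what the application does. For the defender, the fix is to feed the rule set the same view of the request that the back end will have, which is what the normalization functions of slide 2 are for.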
