Overview
Explore the vulnerabilities of web application firewalls (WAFs) and WAF-as-a-service solutions in this 35-minute Black Hat conference talk. Delve into the effectiveness of these widely-used security measures against common web attacks like SQL injection and cross-site scripting. Learn about AutoSpear, a tool designed to automatically bypass and inspect WAFs, challenging the claims of timely updates and indestructibility. Gain insights from security researchers Zhenqing Qu, Xiang Ling, and Chunming Wu as they present their findings on the potential weaknesses in these crucial web application defense mechanisms.
Syllabus
AutoSpear: Towards Automatically Bypassing and Inspecting Web Application Firewalls
Taught by
Black Hat