Explore protocol-level evasion techniques for Web Application Firewalls (WAFs) in this Black Hat USA 2012 conference talk. Delve into the vulnerabilities of virtual patches and learn how attacks can become virtually invisible through lower-level processing manipulation. Discover lessons from a decade of WAF development, including a previously unknown flaw in ModSecurity. Gain insights into various evasion methods, their effectiveness against different tools, and how to counter them. Access a comprehensive catalogue of protocol-level evasion techniques and a complete testing suite released as part of this presentation.
Confessions of a WAF Developer - Protocol-Level Evasion of Web App Firewalls
Overview
Syllabus
Intro
True Evasion Story
mpedance Mismatch
Protocol-Level Evasion Overview
Virtual Patching
attacking Patch Activation
Self-Contained ModSecurity Rules
Backend Feature Variations
Path Parameters Again
Short Filenames on Windows
Path Evasion against IIS 5.1
Path Handling of Major Platforms
Tricks with PHP Parameter Names
nvalid URL Encoding
Content Type Evasion
ModSecurity Bypass
Multipart Format Overview
ModSecurity CRS Bypass
Content-Type Evasion
PHP Source Code
Boundary Evasion
Parameter Type Evasion
Multipart Evasion Summary
Taught by
Black Hat
