Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF

Explore the challenges and solutions in using AI to bypass web application firewalls (WAFs) in this Black Hat conference talk. Delve into the three-step workflow of building payload datasets, applying mutation operations, and utilizing heuristic algorithms or reinforcement learning to evade WAFs. Examine two key practical issues: the diversity of payloads and their varying difficulty in bypassing security measures. Learn about innovative approaches to address these challenges, including device and semantic environments, and a core algorithm for more effective WAF evasion. Gain insights into experimental results and the broader implications for cybersecurity research and practice in this 26-minute presentation.