WAF Bypass Techniques Using HTTP Standard and Web Servers' Behavior

OWASP Foundation via YouTube

Overview

Explore creative techniques for bypassing web application firewalls (WAFs) in this 43-minute conference talk from OWASP AppSec EU 2018. Learn how to leverage HTTP standards and web server behaviors to smuggle and reshape HTTP requests, enabling penetration testers and bug bounty hunters to circumvent WAF protections. Discover methods such as request encoding and HTTP pipelining that exploit the limitations of blacklist-based WAF solutions. Gain insights into defensive strategies and understand why developers should not rely solely on WAFs for security. The talk also introduces an open-source Burp Suite extension for assessing and bypassing WAFs, with ongoing improvements planned through the http.ninja project.

Syllabus

WAF Bypass Techniques Using HTTP Standard and Web Servers’ Behavior - Soroush Dalili

Taught by

OWASP Foundation
