Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls

Black Hat via YouTube

Overview

Explore a 27-minute Black Hat conference talk on WAFManis, a testing framework for discovering protocol-level evasion vulnerabilities in Web Application Firewalls (WAFs). Learn how researchers evaluated 14 popular WAFs, including Cloudflare and ModSecurity, against 20 web frameworks such as Laravel and Spring, uncovering 311 protocol-level evasion cases. Understand how adversaries can exploit parsing discrepancies between a WAF's HTTP parser and the web application behind it to bypass security measures and deliver malicious payloads such as SQL injection, XSS, or Log4Shell attacks. Discover the three primary reasons behind WAF evasions identified through extensive analysis, and learn about the vulnerability reports that earned acknowledgments and bug bounty rewards from major providers including Cloudflare WAF, Fortinet WAF, and Alibaba Cloud WAF.

Syllabus

Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities

Taught by

Black Hat
