Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
Overview
This 27-minute Black Hat conference talk presents WAF Manis, a testing framework for discovering protocol-level evasion vulnerabilities in Web Application Firewalls (WAFs). The researchers evaluated 14 popular WAFs, including Cloudflare and ModSecurity, against 20 web frameworks such as Laravel and Spring, and uncovered 311 protocol-level evasion cases. The talk explains how an adversary can exploit parsing discrepancies between a WAF's HTTP parser and the web application behind it: when the two interpret the same request differently, a malicious payload (SQL injection, XSS, or Log4Shell) can pass the WAF's inspection yet still reach the application in its harmful form. It identifies the three primary causes of WAF evasion found through extensive analysis, and describes the vulnerability reports that earned acknowledgments and bug bounty rewards from major providers, including Cloudflare WAF, Fortinet WAF, and Alibaba Cloud WAF.
Syllabus
Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities
Taught by
Black Hat