Bypassing Web Application Firewalls

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

This talk will teach you how to attack applications secured by a WAF. The presenter will describe the newest WAF bypassing techniques and provide a systematic and practical approach on how to bypass WAFs. WAFNinja, a tool that helps to find vulnerabilities in WAFs, will be introduced.

Presenters:

• Khalil Bijjou - EUROSEC GmbH
  Khalil Bijjou is an enthusiastic ethical hacker, bug hunter and penetration tester for the german IT security consulting firm EUROSEC. He performs security assessments for major companies especially in the field of web, mobile and SAP security. Khalil reached the 2nd place in the German Post IT Security Cup 2015 and was a speaker at PHDays, Moscow and DefCamp, Bucharest.

Links:

• https://deepsec.net/archive/2017.deepsec.net/speaker.html#PSLOT311

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / Building your Own WAF as a Service and Forgetting about False Positives
• Black Hat Europe 2016 / Another Brick Off the Wall: Deconstructing Web Application Firewalls Using Automata Learning
• CircleCityCon 8.0 (2021) Virtual / My AWS WAF Deployment Odyssey