Let’s Talk About WAF (Bypass) Baby

Presented at LayerOne 2019, May 25, 2019, 3 p.m. (60 minutes).

All modern Web Application Firewall are able to intercept (and even block) most common attacks from the web. However, what happens when an attacker uses HTTP2 to send attack traffic to a web application or service? In this talk we will cover basic attacks against web applications and services using HTTP2 to bypass WAFs and Proxys. Attendees will gain knowledge of how to bypass WAF and Proxies using the HTTP2 Protocol, and steps they can take to protect them selves against these kinds of attacks.

Presenters:

• Security Panda
  Brett is a Breaker of Web Applications, Leader of a DefCon Group, Maker of Tasty Food, and Owner of a Majestic Beard. He has over 17 years of experience in IT and Security, specializing in Web Application Pentesting, PCI practices, vulnerability scanning, and management.

Links:

• https://www.youtube.com/watch?v=dZvszyaxX3o

Similar Presentations:

• LayerOne 2018 / HTTP2 and You
• NolaCon 2018 / HTTP2 and You
• NolaCon 2019 / Let's Talk About WAF (Bypass) Baby