Let's Talk About WAF (Bypass) Baby

Presented at NolaCon 2019, May 18, 2019, 5 p.m. (Unknown duration)

All modern Web Application Firewalls are able to intercept (and even block) most common attacks from the web. However, what happens when an attacker uses HTTP2 to send attack traffic to a web application or service? In this talk we will cover basic attacks against web applications using HTTP2 to bypass WAFs and Proxies. Attendees will gain knowledge of how to bypass WAF and Proxies using the HTTP2 Protocol, and steps they can take to protect themselves against these kinds of attacks.

Presenters:

• Brett Gravois
  Brett is a Breaker of Web Applications, Leader of a DefCon Group, Maker of Tasty Food, and Owner of a Majestic Beard. He has over 17 years of experience in IT and Security, specializing in Web Application Pentesting, PCI practices, vulnerability scanning, and management.

Links:

• https://nolacon.com/talk/let-s-talk-about-waf-bypass-baby

Similar Presentations:

• LayerOne 2019 / Let’s Talk About WAF (Bypass) Baby
• NolaCon 2018 / HTTP2 and You
• LayerOne 2018 / HTTP2 and You