1. Intro
2. True Evasion Story
3. Impedance Mismatch
4. Protocol-Level Evasion Overview
5. Virtual Patching
6. Attacking Patch Activation
7. Self-Contained ModSecurity Rules
8. Backend Feature Variations
9. Path Parameters Again
10. Short Filenames on Windows
11. Path Evasion against IIS 5.1
12. Path Handling of Major Platforms
13. Tricks with PHP Parameter Names
14. Invalid URL Encoding
15. Content Type Evasion
16. ModSecurity Bypass
17. Multipart Format Overview
18. ModSecurity CRS Bypass
19. Content-Type Evasion
20. PHP Source Code
21. Boundary Evasion
22. Parameter Type Evasion
23. Multipart Evasion Summary
Description:
Explore protocol-level evasion techniques for Web Application Firewalls (WAFs) in this Black Hat USA 2012 conference talk. Delve into the vulnerabilities of virtual patches and learn how attacks can become virtually invisible through lower-level processing manipulation. Discover lessons from a decade of WAF development, including a previously unknown flaw in ModSecurity. Gain insights into various evasion methods, their effectiveness against different tools, and how to counter them. Access a comprehensive catalogue of protocol-level evasion techniques and a complete testing suite released as part of this presentation.

Confessions of a WAF Developer - Protocol-Level Evasion of Web App Firewalls

Black Hat