Brute forcing New Brute Force Attacks Exploiting XMLRPC in
25. Pingback
26. wp-admin/ "Access"
27. Restriction Samples: .htaccess
28. Mitigating Attack Surface
29. Realtime Monitoring w/ OSSEC
30. Threshold Ideas
31. Special File Permissions
32. Counter Intelligence
33. Behavior: How you look at problems
34. GEO IP Block: Top Attack Countries
35. Top Methods
36. HTTP Version 1.0
37. In summary...
Description:
Explore reverse engineering techniques for web applications, focusing on behavior analysis and WAF detection in this 47-minute conference talk from AppSecUSA 2014. Delve into the challenges of screening HTTP traffic and learn about a new approach to mitigate complex attacks on popular CMS platforms. Discover how to integrate traffic analysis with log correlation for improved protection, generating millions of alerts daily with low false positive rates. Follow the speaker's journey through reverse engineering CMS applications, setting up honeypots, identifying attacker behavior, and creating effective countermeasures. Gain insights into live analysis techniques that merge various security strategies to block specific attacks efficiently. Learn from an experienced security professional about the latest developments in web application security, including practical examples and real-world scenarios.
Reverse Engineering Web Applications for Security - Behavior Analysis and WAF Detection