Monday, October 19, 2009

Methods to Bypass a Web Application Firewall

There is no doubt that WAFs are applied with desire to reduce the existing risks of the attacks that aim to exploit vulnerabilities in web-applications.
The developers of such filters promise that this is the simplest and the cheapest solution for “all problems.” At the same time, the administrators sincerely believe (for the umpteenth time) that their own systems are impregnable. However, it will be shown in the paper that WAF is not the long-expected “silver bullet.” As everything created by human, WAF has its weaknesses, which allows one to exploit vulnerabilities even in the most secure servers.

Download PDF

thx to Dmitry Evteev

No comments: