AutoSpear: Towards Automatically Bypassing and Inspecting Web Application Firewalls

Описание

The web application firewall (WAF) is widely employed to protect web applications like websites from various web attacks like SQL injection (SQLi) and cross-site-scripting (XSS). In particular, the WAF-as-a-service, as one of the off-the-shelf security services in the cloud, is increasingly used by more and more websites. Although these WAF-as-a-services normally claim that they can be timely updated by captured attack traffic, one natural question is, are existing WAFs and WAF-as-a-services indestructible?

By: Zhenqing Qu, Xiang Ling & Chunming Wu

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-22/briefings/schedule/#autospear-towards-automatically-bypassing-and-inspecting-web-application-firewalls-25503