WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour

I presented a conference talk at AppSec EU 2018 about WAF bypass techniques.

Some screenshots and my original tweet about it can be seen below:

The SlideShare URL was:

I also created a SQL injection challenge for my Twitter followers before the talk; the solution can be seen below (from Twitter):

The Burp Suite HTTP Smuggler extension can be downloaded from: https://github.com/nccgroup/BurpSuiteHTTPSmuggler
