Evading All Web-Application Firewalls XSS Filters
During recent months, I have been working on research that proves that all web application firewalls do not protect against attacks as expected. The research focuses on evading the XSS filters of all popular Web-Application Firewalls, such as F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, Barracuda WAF, and they were all evaded within the research.
After evading the products, I have worked with vendors to patch all the discovered issues. The research should have been published in July 2015, but as a supporter of the responsible disclosure concept, I waited for companies to patch the bypasses and get their final responses.
The research is meant for educational uses only and should not be used in performing malicious actions. I am not responsible for malicious activities using the information in the research.
The research is ready to be shared with the public. You can find the links to download a copy of the paper below.
Download Link:
MazinAhmed.net - Evading All Web-Application Firewalls XSS Filters.pdf