Article,

Web Application Firewall Bypassing

.
17 (1): 900-926 (2019)

Abstract

Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an important aspect of a security assessment and is necessary to ensure accurate results. This thesis describes bypass techniques and offers a systematic approach for security experts on how to bypass Web Application Firewalls based on these techniques. In order to facilitate this approach a tool has been developed. The outcomes of this tool have significantly contributed to finding multiple bypasses. These bypasses will be reported to the particular Web Application Firewall vendors and will presumably improve the security level of these Web Application Firewalls.

Tags

Users

  • @steschum

Comments and Reviews