DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou
Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is hard, and some protocols were designed to be as ambivalent as possible, one might think. At DeepSec 2017 Khalil Bijjou will show you what can be done being evasive in the web. Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an