Web Server Security Hacker News: New Attack Method to Bypass Popular Web Application Firewalls

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 2 subscribers
Views 2744 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hacker News: New Attack Method to Bypass Popular Web Application Firewalls

BAlfson over 1 year ago

Has anyone run into this?

https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html?_m=3n%2e009a%2e2910%2eqq0ao0edmj%2e1vo3

Cheers - Bob

This thread was automatically locked due to age.

Top Replies

David Sadler over 1 year ago in reply to Amodin +1

In my experience, I have come across a lot of WAFs. Some of them are very strong, others are very weak. Yes, sometimes they do manage to successfully prevent XSS or SQL injection, but I have never evaluated…

0 Amodin over 1 year ago

Haven't seen this specifically, but have heard about some step-up against WAF environments. Nothing specific.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 David Sadler over 1 year ago in reply to Amodin

In my experience, I have come across a lot of WAFs. Some of them are very strong, others are very weak. Yes, sometimes they do manage to successfully prevent XSS or SQL injection, but I have never evaluated a WebApp where a WAF managed to successfully mitigate all the vulnerabilities I discovered, let alone the majority of the OWASP top 10.

A WAF should be viewed as an additional security measure rather than a comprehensive response to security threats.
Cancel
Vote Up +1 Vote Down

Cancel