
Hacker News: New Attack Method to Bypass Popular Web Application Firewalls

Has anyone run into this?

Cheers - Bob

  • Haven't seen this specifically, but have heard about some step-up against WAF environments. Nothing specific.

    PFSense Plus 23.05 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | Fiber Conn (awaiting ATT Fiber)
    (Former Sophos UTM Veteran, XG Rookie)

  • In my experience, I have come across a lot of WAFs. Some of them are very strong, others are very weak. Yes, sometimes they do manage to successfully prevent XSS or SQL injection, but I have never evaluated a WebApp where a WAF managed to successfully mitigate all the vulnerabilities I discovered, let alone the majority of the OWASP top 10.

    A WAF should be viewed as an additional security measure rather than a comprehensive response to security threats.