From @securityaffairs: Experts devised a technique to #bypass web application firewalls (#WAF) of several vendors.

"The researchers verified that the bypass attack technique also worked against firewalls from other vendors, including #Cloudflare, #F5, Imperva, and #PaloAlto Networks."

#awswaf #infosec #WAFBypass

https://securityaffairs.co/wordpress/139445/hacking/web-application-firewalls-waf-bypass.html

Experts devised a technique to bypass web application firewalls (WAF) of several vendors

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform. The researchers […]

Security Affairs

@Xavier @securityaffairs What would you suggest a defender do in terms of protecting against this kind of attack? My first thought would be some kind of regex filtering rule, but where and what to check for?

What would you do?

@quiet @securityaffairs I'm not sure, but I will be meeting with my #WAF and red team first thing Monday morning to discuss. It's hard to tell from the writeup, but if the WAF engine just ignores the JSON, then we might have to wait until vendors fix it.

Until then, we have layered controls so I'll have my #IPS team look into some custom signatures. We have a #RASP and #DAM, too. Will have to see how well my layered controls work.
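To make the "WAF engine just ignores the JSON" concern concrete from the defender's side, here is an added example that is not code from this thread, from Claroty, from Security Affairs, or from any WAF vendor. It contrasts three inspection policies over the same request: one that only inspects form-encoded bodies, one that text-matches every body without decoding it, and one that decodes a JSON body and runs the same rules over every leaf string. The rule set, the inspection functions and the sample requests are all constructed for illustration; the rules are not a vendor signature set, and the point is only that escaping inside JSON (here a `\u0027` quote) hides characters from a raw-text match unless the body is decoded first.

```python
"""Added example: why a body inspector that skips or only text-matches JSON
misses content that a decode-then-inspect policy catches.
Everything here (rules, sample requests, function names) is constructed."""
import json
import re

# Constructed, illustrative patterns only; not a real WAF/IPS rule set.
SIGNATURES = [
    ("sql-tautology", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.IGNORECASE)),
    ("sql-comment", re.compile(r"(--|/\*|#)\s*$")),
    ("sql-union", re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE)),
]


def match_signatures(text):
    """Return the names of every constructed rule that matches `text`."""
    return sorted(name for name, rx in SIGNATURES if rx.search(text))


def inspect_form_only(content_type, body):
    """Weak policy: inspect form bodies; anything else (e.g. JSON) is ignored."""
    if content_type.startswith("application/x-www-form-urlencoded"):
        return match_signatures(body)
    return []


def inspect_text_only(content_type, body):
    """Better but still blind: text-match every body without decoding it."""
    return match_signatures(body)


def iter_leaves(node):
    """Yield every scalar inside a decoded JSON document as a string."""
    if isinstance(node, dict):
        for value in node.values():
            yield from iter_leaves(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_leaves(value)
    else:
        yield node if isinstance(node, str) else str(node)


def inspect_decoded(content_type, body):
    """Hardened policy: decode JSON and apply the rules to each leaf value."""
    if not content_type.startswith("application/json"):
        return match_signatures(body)
    try:
        doc = json.loads(body)
    except ValueError:
        # A body that claims to be JSON but does not parse is itself suspicious.
        return ["malformed-json"]
    hits = set()
    for leaf in iter_leaves(doc):
        hits.update(match_signatures(leaf))
    return sorted(hits)


# Constructed sample requests. The second one carries the quote character as
# the JSON escape \u0027, so the raw text contains no literal apostrophe.
BENIGN = ("application/json", '{"user": "bob", "filter": {"name": "o\'reilly"}}')
ESCAPED = ("application/json",
           '{"user": "alice", "filter": {"name": "x\\u0027 OR 1=1 --"}}')


def compare_policies(request):
    """Run all three policies over one (content_type, body) request."""
    content_type, body = request
    return {
        "form_only": inspect_form_only(content_type, body),
        "text_only": inspect_text_only(content_type, body),
        "decoded": inspect_decoded(content_type, body),
    }


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("escaped", ESCAPED)):
        print(label, compare_policies(req))
```

Run it and the benign request produces no hits under any policy, while the escaped request produces hits only under the decode-then-inspect policy: the form-only policy never looks at a JSON body, and the text-only policy is defeated by the `\u0027` escape. That is the gap a custom IPS or RASP rule would have to close if the WAF in front of it does not decode JSON before matching.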