mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2024-12-22 21:03:34 +07:00
🔥 Web-application firewalls (WAFs) from security standpoint.
awesomeawesome-listbypass-waffirewallinfosecsecuritywafwaf-bypasswaf-detectionwaf-fingerprintswaf-testwaf-testingweb-application-firewall
images | ||
papers | ||
presentations | ||
LICENSE | ||
README.md |
Awesome WAF Evasion
A curated list of awesome WAF evasion stuff. 🔥
A Concise Definition: A web application firewall is a form of firewall with a set of configured rules that controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. (Source Wikipedia)
Feel free to contribute.
Contents:
- Awsome WAFs
- Awesome Methodology
- Awesome WAF Detection
- Awesome Evasion Techniques
- Awesome Blogs & Writeups
- Presentations & Research Papers
Presentations & Research Papers
Presentations:
- WAF Profiling & Evasion Techniques - A WAF testing and evasion guide from OWASP.
- Protocol Level WAF Evasion Techniques - A presentation at about efficiently evading WAFs at protocol level from BlackHat US 12.
- Analysing Attacking Detection Logic Mechanisms - A presentation about WAF logic applied to detecting attacks from BlackHat US 16.
- WAF Bypasses and PHP Exploits - A presentation about evading WAFs and developing related PHP exploits.
Research Papers:
- WASC WAF Evaluation Criteria - A guide for WAF Evaluation from Web Application Security Consortium
- Protocol Level WAF Evasion - A protocol level WAF evasion techniques and analysis by Qualys.
- WAF Evasion Testing - A WAF evasion testing guide from SANS.
- Bypassing all WAF XSS Filters - A paper about bypassing all XSS filter rules and evading WAFs for XSS.