Web Application Firewalls: Analysis of Detection Logic

by Vladimir Ivanov

This presentation examines the core of Web Application Firewall detection logic, with emphasis on the regular expression detection mechanism. It also covers the use of a Static Application Security Testing (SAST) tool for regular expression analysis, aimed at finding security flaws in the syntax of regular expressions. Rules from popular WAFs will be examined using the proposed “regex security cheat sheet”. Logical flaws in regular expressions will be demonstrated, drawing on the author’s bug hunting experience and best practices.
