Web Application Firewall Evasion Techniques

摘要

Recently there has been a robust increase in cyber attacks. Statistical studies show that around 4% of internet traffic is malicious. Firewalls are deployed as blocking mechanisms to identify and prevent malicious requests. They filter seemingly malicious packets based on the filter rules. Despite the filters, there are certain evasion techniques used by attackers to bypass the firewall. This paper describes the techniques for bypassing the web application firewall based on their configurations and paranoia levels of implementation so that security researchers can understand loop holes in the firewall to build a better firewall strategy. By these techniques, an attacker can achieve the attacks he intends to do even if the firewall is placed between the web application and the client.