Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an important aspect of a security assessment and is necessary to ensure accurate results. This thesis describes bypass techniques and offers a systematic approach for security experts on how to bypass Web Application Firewalls based on these techniques. In order to facilitate this approach a tool has been developed. The outcomes of this tool have significantly contributed to finding multiple bypasses. These bypasses will be reported to the particular Web Application Firewall vendors and will presumably improve the security level of these Web Application Firewalls.
%0 Journal Article
%1 mjs:Bijjou:Bypassing
%A Bijjou, Khalil
%D 2019
%K bypass_techniques ds19 editor ethical_hacking malware mjsarticle penetration_testing red_team web_application_firewalls
%N 1
%P 900-926
%T Web Application Firewall Bypassing
%U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_061_Bijjou_Bypassing.pdf
%V 17
%X Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an important aspect of a security assessment and is necessary to ensure accurate results. This thesis describes bypass techniques and offers a systematic approach for security experts on how to bypass Web Application Firewalls based on these techniques. In order to facilitate this approach a tool has been developed. The outcomes of this tool have significantly contributed to finding multiple bypasses. These bypasses will be reported to the particular Web Application Firewall vendors and will presumably improve the security level of these Web Application Firewalls.
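% Exported from BibSonomy (see biburl). The added-at, biburl, interhash,
% intrahash and timestamp fields are BibSonomy bookkeeping, not standard
% bibliography fields. The page range uses the BibTeX double hyphen.
@article{mjs:Bijjou:Bypassing,
  abstract     = {Security experts perform security assessments of web applications in order to identify vulnerabilities that could be exploited by malicious users. Web Application Firewalls add a second layer of protection to web applications in order to mitigate these vulnerabilities. The attempt to bypass Web Application Firewalls is an important aspect of a security assessment and is necessary to ensure accurate results. This thesis describes bypass techniques and offers a systematic approach for security experts on how to bypass Web Application Firewalls based on these techniques. In order to facilitate this approach a tool has been developed. The outcomes of this tool have significantly contributed to finding multiple bypasses. These bypasses will be reported to the particular Web Application Firewall vendors and will presumably improve the security level of these Web Application Firewalls.},
  added-at     = {2021-09-19T18:42:17.000+0200},
  author       = {Bijjou, Khalil},
  biburl       = {https://www.bibsonomy.org/bibtex/265c32d9b0ffb906b7fb7ec5ad0c422a9/steschum},
  interhash    = {2e642836e46bb892829afa186820328a},
  intrahash    = {65c32d9b0ffb906b7fb7ec5ad0c422a9},
  issn         = {2192-4260},
  journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
  keywords     = {bypass_techniques ds19 editor ethical_hacking malware mjsarticle penetration_testing red_team web_application_firewalls},
  language     = {EN},
  number       = 1,
  pages        = {900--926},
  subtitle     = {An Approach for Penetration Testers},
  timestamp    = {2021-10-22T17:15:30.000+0200},
  title        = {Web Application Firewall Bypassing},
  url          = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_061_Bijjou_Bypassing.pdf},
  urldate      = {2019-04-05},
  volume       = 17,
  year         = 2019
}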