Tag Archives: AppSecEU

WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour

I had presented a conference talk in AppSec EU 2018 about WAF bypass techniques.

Some screenshots and my original tweet about it can be seen below:

The SlidShare was URL was:

I had also created a SQL injection challenge for my Twitter followers before the talk but the solution can be seen below (from Twitter):

The Burp Suite HTTP Smuggler extension can be downloaded from: https://github.com/nccgroup/BurpSuiteHTTPSmuggler