Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations’ cybersecurity strategies.
WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber attacks.
Evading pattern matching
However, unfortunately, this technique is no silver bullet against determined attackers. Once it’s known that there is a protection layer enabled, malicious actors find ways to bypass it, and most of the time, they even succeed.
It usually can be achieved when the same attacking payload, blocked by WAF, can be disguised to make it ‘invisible’ to the pattern matching mechanism to evade security.
Depending on the context where the attack is targeted, payloads using mixed case, whitespace, comments work in the same way as the…