Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities
Unknown
Black Hat USA 2024 · Day 1 · Briefing
In a critical presentation at Black Hat USA, a researcher known as Chiwan, or Aki, unveiled groundbreaking work on the automated discovery of **protocol-level evasion vulnerabilities** in **Web Application Firewalls (WAFs)**. Titled "Break the Wall from Bottom," the talk delved into a persistent and often overlooked class of bypasses that undermine the very foundation of WAF protection. The research highlights how fundamental discrepancies in how WAFs and target web applications parse HTTP requests can create blind spots, allowing malicious payloads to bypass even the most stringent security rules.