
Breaking The Great Wall of Web - XSS WAF Evasion CheatSheet

published on 2016-09-01 10:07:00 UTC by Rafay
Content:

I think it's mandatory to give back to the security community from where we learn cutting-edge techniques and information. Therefore, after months of effort, I am presenting to you a new whitepaper titled "Breaking the Great Wall of Web", without any strings attached.


Acknowledgements

I would like to thank the Acunetix Team for helping with proof-reading of the document.

Background

The whitepaper not only contains sophisticated XSS vectors but also aims to explain the methodology behind bypassing a WAF. The previous paper on this subject, "Bypassing Modern WAF's XSS Filters - Cheat Sheet", was released three years earlier. A lot has changed and evolved during these years; in particular, with the advent of ECMAScript, a new horizon for evasion and obfuscation has opened. I have already discussed and demonstrated several of the techniques presented in this whitepaper in my recent webcast hosted by the Garage4hackers team, "Bypassing Modern WAF's Exemplified At XSS".

Abstract

Input validation flaws such as XSS are the most prevalent security threats affecting modern web applications. To mitigate these attacks, Web Application Firewalls (WAFs) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be bypassed with relative ease because of the complexity of JavaScript in modern browsers. In this paper we discuss several techniques that can be used to circumvent WAFs, exemplified at XSS.

This paper talks about the concepts of WAFs in general, identifying and fingerprinting WAFs, and various methodologies for constructing a bypass. The paper discusses well-known techniques such as brute forcing, regular expression reversing and browser bugs for bypassing WAFs.


http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html   
Published: 2016 09 01 10:07:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles