Researchers Discover Holey Web Application Firewalls (WAF)
Claroty security researchers have discovered ways to bypass Web Application Firewalls (WAF). A lack of JSON support allows attacks on potentially all providers. The providers Palo Alto Networks, Amazon Web Services, Cloudflare, F5 and Imperva have meanwhile updated their products. Security researchers from Team82, the research arm of cyber-physical systems (CPS) security specialists Claroty, have identified the possibility of a basic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads. Leading WAF Vendors Have Already Responded Although most database engines have supported JSON for a decade,…