A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Let's Talk About WAF (Bypass) Baby - Brett Gravois NolaCon 2019 (Hacking Illustrated Series InfoSec <br>Tutorial Videos)


Let's Talk About WAF (Bypass) Baby
Brett Gravois

@Security_Panda


All modern Web Application Firewalls are able to intercept (and even block) most common attacks from the web. However, what happens when an attacker uses HTTP2 to send attack traffic to a web application or service? In this talk we will cover basic attacks against web applications using HTTP2 to bypass WAFs and Proxies. Attendees will gain knowledge of how to bypass WAF and Proxies using the HTTP2 Protocol, and steps they can take to protect themselves against these kinds of attacks.



Brett is a Breaker of Web Applications, Leader of a DefCon Group, Maker of Tasty Food, and Owner of a Majestic Beard. He has over 17 years of experience in IT and Security, specializing in Web Application Pentesting, PCI practices, vulnerability scanning, and management.\n



Recorded at NolaCon 2019




Back to NolaCon 2019 video list


Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast