Another Brick Off the Wall - Deconstructing Web Application Firewalls Using Automata Learning

Black Hat via YouTube

Overview

This course aims to deconstruct Web Application Firewalls (WAFs) using automata learning. The learning outcomes include understanding WAF internals, rulesets, and the reasons for bypasses. Students will acquire skills in parsing, automata learning, DFAs, and filter auditing. The teaching method involves a modular approach with core modules like HTTP Request Handler and Browser Parser Handler. The intended audience for this course is individuals interested in web application security and those looking to enhance their knowledge of WAFs and automata learning.

Syllabus

Intro
Overview
Code Injection Attacks
Code Injection is a Parsing Problem
Web Application Firewalls
WAFs Internals
WAF Rulesets
Why Bypasses Exist
Our Goal
Context Free Grammars
Attack of the Grammars
Why should I care?
However...
Learning to Parse
Learning Automata
Learning Model
Learning DFAs
Equivalence Query
Symbolic Finite Automata
Bootstrapping Automata Learning
Grammar Oriented Filter Auditing
SFADiff XSS Bypass
Generating Program Fingerprints
Modular Design
Core Modules
Built-in Query Handlers
HTTP Request Handler
Browser Parser Handler
Browser Filter Handler
Using GOFA module and HTTP Handler
Conclusions
black hat

Taught by

Black Hat
