Bypassing Web Application Firewall Workshop eBook


19 items sold

Get the access to all our courses via Subscription


Categories: ,

Bypassing Web Application Firewall eBook Preview.pdf

Dear students,

We gathered all the reading materials from the course “Bypassing Web Application Firewall” and prepared a stand alone ebook. While reading this workshop you will examine practical approaches in bypassing WAFs as a part of our penetration test, and, of course, the theory behind WAFs and how they work.

Note: Some of the original course materials, like videos or particular exercises, are not presented in this issue. If you would like to gain access to all the materials, you have to enroll in the course.

The main aim of this e-book is to present our publication to a wider range of readers. We want to share the material we worked on and we hope we can meet your expectations.

Enjoy your reading,
Hakin9 Magazine
Editorial Team

This e-book contains text materials from the course.

>>If you are a subscriber, download your magazine here!<<

>>Download Free Preview<<

>>Table of Contents<<

Module 1

Introduction WAFs, WAF Bypassing and techniques

In this module, we will quickly examine how WAFs work in a web server, and we will be introduced to WAF Bypassing and some interesting methods with practical examples, attacking web application firewalls with conventional methods.

  • Introduction to WAFs, WAF types and WAF Bypassing
  • WAF Fingerprinting
  • Automating WAF Fingerprinting with Burp, Nmap and wafw00f
  • WAF Bypassing

Module 2

WAF Bypassing with SQL Injection

In module 2, we examine how we can bypass WAF by exploiting SQL Injection vulnerabilities, with various ways such as normalization and HTTP Parameter Pollution.

  • HTTP Parameter Pollution – HPP
  • Encoding Techniques for Bypassing WAF
  • Bypassing WAF with SQL Injection
  • HTTP Parameter Fragmentation – HPF
  • Bypassing WAFs with SQL Injection Normalization
  • Buffer Overflow + SQL Injection = Bypass WAF

Module 3

WAF Bypassing with XSS and RFI

In module 3, we will examine more ways of WAF Bypassing, this time containing the Remote File Inclusion and the Cross-Site Scripting and more.

  • Cross Site Scripting – XSS
  • Reflected Cross Site Scripting
  • Stored Cross-site Scripting
  • Path Traversal
  • Remote and Local File Inclusion

Module 4

Securing WAF and Conclusion

Finally, in module 4, we will see some final methods for bypassing WAFs, and prevention methods with practical examples for our WAF implementations.

  • DOM Based XSS
  • Bypassing Blacklists with JavaScript
  • Automating WAF Bypassing
  • Bypassing WAF Practical Examples ( Imperva WAF, Aqtronix WebKnight WAF, ModSecurity WAF, and others)
  • Conclusion 


Nowadays, the number of web application firewalls (or simply WAFs) is increasing, which results in a more difficult penetration test from our side. So, it becomes a necessity and really important to be able to bypass WAFs in a penetration test. In this course, we are going to examine practical approaches in bypassing WAFs as a part of our penetration test, and, of course, the theory behind WAFs and how they work.

18 CPE Credits


Course format:

  • The course is self-paced – you can visit the training whenever you want and your content will be there.
  • Once you’re in, you keep access forever, even when you finish the course.
  • There are no deadlines, except for the ones you set for yourself.
  • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
  • Your time will be filled with reading, videos, and exercises.

What will you learn?

  • WAF Bypassing
  • How WAFs work
  • How to implement WAF Bypassing to our penetration test

What skills will you gain?

  • WAF Bypassing and Hacking
  • WAF Hardening and Securing

What will you need?

  • PC with a preferred operating system (Mac OSX 10.5+, Windows 7+, Linux)
  • At least 4gb of RAM for the VMs to work properly
  • At least 10gb of free storage for VMs

VISIT COURSE>>> Syllabus 


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.