The tweet discusses why understanding specifications matters for effective defense against vulnerabilities, and notes that some products have flawed specifications. It highlights that 0-day vulnerabilities in middleware and libraries are exploited immediately, and that a WAF can potentially defend against attacks such as SQLi. It acknowledges that bypass techniques are under active research and emphasizes that 100% defense is impossible. It closes by suggesting applying patches and, if budget allows, conducting diagnostics.
For more details, check out the original tweet here: https://twitter.com/kawada_syogo225/status/1927377492580483428