The tweet discusses the challenge of bypassing Web Application Firewalls (WAFs). It notes that normalization techniques can hinder WAF effectiveness, but that the presence of an underlying vulnerability is the more significant concern. The author acknowledges prior work by others on WAF bypass and links to additional sources for further detail. The key takeaway is that although WAFs can be bypassed through various methods, vulnerabilities in the application pose a greater security risk than the bypass techniques themselves, so fixing the underlying vulnerabilities should be prioritized over relying solely on defenses against WAF bypass.
For more details, check out the original tweet here: https://twitter.com/s0md3v/status/1938641629352730803