The tweet addresses a common misconception about Web Application Firewall (WAF) bypasses. It points out that many claimed bypasses are not bypasses of the WAF product itself, but bypasses of weak or improperly configured rule sets that the customer deployed on the WAF. The effectiveness of a WAF therefore depends heavily on the rules implemented by the user or organization, rather than on the inherent security capabilities of the WAF product. The tweet draws an analogy to Endpoint Detection and Response (EDR) solutions, where bypassing EDR often boils down to exploiting weak configurations rather than defeating the product's core technology. This reinforces the idea that security solutions are only as good as their configurations and maintenance.
Check out the original tweet here: https://twitter.com/deadvolvo/status/1970208161069146195