This tweet highlights the challenge that penetration testers and hackers face when dealing with Web Application Firewalls (WAFs). It suggests that hackers use various methods to bypass WAFs, which do not always follow traditional firewall rules. Penetration testers exploit these bypass methods to uncover hidden security risks and gain a more comprehensive understanding of an organization's security posture. The tweet underscores the importance of recognizing that WAFs can be bypassed and that thorough testing is necessary to ensure robust security defenses.
For more insights, check out the original tweet here: https://twitter.com/GabrielAdler/status/1971227461796102212