This tweet discusses the recent experience with React-based Web Application Firewalls (WAFs). It notes that soon after vendors offered bounties to encourage researchers to find bypasses, more than two bypasses were reported within a single day. This suggests that React WAFs faced significant challenges and that many bypasses might still be unreported. The tweet emphasizes that this must have been a humbling moment for WAF vendors and enthusiasts, as even top WAFs were bypassed quickly. The situation underlines the continuous, evolving challenge of securing applications and the importance of bounty programs in improving WAF security through real-world testing and vulnerability discovery.
Check out the original tweet here: https://twitter.com/hkashfi/status/1997758260489966060