This tweet highlights the challenges that Web Application Firewall (WAF) vendors face when new technologies, like React, come into play. Despite bounties offered by vendors to bypass their WAFs, multiple bypasses were discovered within a very short time frame, showing the ongoing cat-and-mouse game between attackers and defenders. The tweet suggests that the actual number of bypasses could be higher than reported, emphasizing the difficulty in securing modern web applications and the persistence of researchers and attackers in finding new ways around security measures. This situation serves as a humbling reminder for WAF vendors to continually improve their products and adapt to new technologies and attack methods.
Check out the original tweet here: https://twitter.com/hkashfi/status/1997756817695535303