This tweet provides statistics about WAF (Web Application Firewall) bypass techniques anticipated for 2025. It states that 68% of WAF bypass attempts leverage encoding tricks, including double URL encoding, Unicode encoding, null bytes, and case swapping. These methods aim to evade the WAF's input inspection: the bytes the WAF sees do not match its rules, even though the application receives the same payload once it decodes them. The tweet stresses the importance of normalizing all input before the WAF inspects it as the effective counter to these encoding-based bypasses. Normalization means converting input into a single canonical form: decoding any encoded characters, stripping obfuscation such as null bytes, and folding case, so that the WAF evaluates the true content of the input. The message applies across all WAF vendors and product types, since encoding obfuscation is a universal challenge in web application security. To defend against such tactics, security teams should implement comprehensive normalization and strict validation rules in their WAF deployment, which reduces the risk of attackers using encoding tricks to carry out XSS, SQLi, or other injection attacks.
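As an added example that is not from the tweet or from any WAF vendor's product, the following Python sketch canonicalizes input the way the tweet recommends and then applies a single signature check; the sample strings, the `MAX_DECODE_PASSES` bound and the `%uXXXX` handling are assumptions of this example, chosen to cover the four encoding classes the tweet lists.

```python
import re
import unicodedata
from urllib.parse import unquote

# Bound on nested percent-decoding: enough to undo double/triple encoding
# without looping forever on pathological input (assumed value).
MAX_DECODE_PASSES = 3

# Legacy "%uXXXX" escapes; handled here on the assumption that the backend
# accepts them, so the WAF must decode them too.
_PERCENT_U = re.compile(r"%u([0-9a-fA-F]{4})")


def _decode_once(text: str) -> str:
    """One normalization pass: Unicode compatibility fold, %uXXXX, then percent-decode."""
    text = unicodedata.normalize("NFKC", text)          # fullwidth/look-alike chars -> ASCII
    text = _PERCENT_U.sub(lambda m: chr(int(m.group(1), 16)), text)
    return unquote(text)                                # one layer of %XX decoding


def canonicalize(raw: str) -> str:
    """Reduce an input string to the single form a WAF rule should inspect."""
    text = raw
    for _ in range(MAX_DECODE_PASSES):
        step = _decode_once(text)
        if step == text:                                # reached a fixpoint: nothing left to decode
            break
        text = step
    text = unicodedata.normalize("NFKC", text)          # re-fold anything a decode pass produced
    text = text.replace("\x00", "")                     # drop null bytes used to split tokens
    return text.casefold()                              # case swapping no longer matters


def rule_matches(raw: str, needle: str = "<script>") -> bool:
    """A minimal signature rule evaluated on canonical, not raw, input."""
    return needle in canonicalize(raw)


# Constructed sample inputs: one plain token and one variant per encoding class.
SAMPLES = {
    "plain": "<script>",
    "url_encoded": "%3Cscript%3E",
    "double_url_encoded": "%253Cscript%253E",
    "percent_u_unicode": "%u003Cscript%u003E",
    "fullwidth_unicode": "\uff1cscript\uff1e",
    "null_byte": "<scr\x00ipt>",
    "case_swap": "<ScRiPt>",
}


def evasion_report(needle: str = "<script>") -> dict:
    """For each sample: (naive raw-substring hit, hit after normalization)."""
    return {name: (needle in raw, rule_matches(raw, needle)) for name, raw in SAMPLES.items()}
```

Running `evasion_report()` shows the naive raw-substring rule catching only the plain sample, while the same rule on canonicalized input catches every variant.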
Original tweet: https://twitter.com/Nina_hacks/status/2037748996110725202