The tweet mentions using a custom CDN WAF bypass as a temporary mitigation for customers while they fix their code. It emphasizes that customers pay a bounty for the vulnerability in their application, not for the bypass itself. To avoid paying multiple bounties, customers should fix the vulnerable code rather than rely on virtual patching in place of an actual code fix. The priority is to address the vulnerability directly, not to depend on a temporary solution.
For more insights, check out the original tweet here: https://twitter.com/ryancbarnett/status/1865503537351823870.