#bugbountytips testing against a WAF:
1. Idenitify which WAF
2. Identify which ruleset is being used
3. Look up WAF and ruleset to see if we can find a hole in protection or if a public bypass exists
4. Craft payload
5. ???
6. PROFIT
Subscribe for the latest news: