The tweet suggests that bypassing the WAF to exploit XSS (Cross-Site Scripting) or finding CSRF (Cross-Site Request Forgery) vulnerabilities on the ma ...July 12, 2025
This post discusses a bypass for Azure Front Door Web Application Firewall (WAF) specifically targeting the IP restriction feature. Normally, IP restr ...July 11, 2025
This tweet discusses a subtle but important distinction in the way WAFs (Web Application Firewalls) may handle IP restrictions. It compares RemoteAddr ...July 11, 2025
This tweet discusses a common issue with Azure Front Door Web Application Firewall (WAF). The issue can be seen either as a misconfiguration or a feat ...July 11, 2025
This tweet warns about a significant security vulnerability in Azure's Front Door Web Application Firewall (WAF). The issue involves bypassing IP ...July 11, 2025
This tweet reveals a new bypass method targeting AWS WAF, a widely-used web application firewall. The bypass affects universal vulnerability detection ...July 11, 2025
This blog post explains a WAF bypass discovered on Fortinet's FortiWAF related to Blind SQL Injection (SQLi). FortiWAF is a popular web applicati ...July 10, 2025
This tweet shares information about Web Application Firewall (WAF) bypass techniques that are expected to work in 2025. It could be useful for securit ...July 9, 2025
This tweet talks about a new method called #KNOXSS, developed by @BRuteLogic, which uses advanced HTML injection (HTMLi) vectors and JavaScript inject ...July 9, 2025
The tweet introduces Recon Reasoner, which is described as an AI-enhanced reconnaissance tool. This tool is designed to assist security researchers an ...July 8, 2025
This tweet suggests a discussion about bypassing Web Application Firewalls (WAFs) as opposed to Content Security Policies (CSP). The user indicates a ...July 8, 2025
This tweet shares a checklist video related to bypassing Web Application Firewalls (WAFs). It is aimed at bug bounty hunters and security researchers ...July 7, 2025
This WAF bypass concerns a Content Security Policy (CSP) bypass vulnerability. The bypass payload includes using the <base> HTML tag in a way th ...July 6, 2025
This tweet shares learning topics about various web security issues including Blind and Out-of-Band SQL Injection, Cross-Site Scripting (XSS), Web App ...July 6, 2025
This tweet expresses skepticism about claims of bypassing Cloudflare WAF with various payloads. The user points out that Cloudflare WAF never allows e ...July 5, 2025
This tweet announces a bypass for Cloudflare's Web Application Firewall (WAF), specifically related to a DOM-based Cross-Site Scripting (DOM XSS) ...July 5, 2025
This tweet mentions a WAF bypass discussed by Cycatz related to cybersecurity but does not specify the exact type of vulnerability or the vendor of th ...July 4, 2025
This tweet mentions several key areas of Web Application Penetration Testing Methodology including reconnaissance, authentication attacks, injection v ...July 4, 2025
Radware Cloud WAF has a vulnerability where it can be bypassed by specially crafted requests. This means attackers can send requests designed in a way ...July 4, 2025
This tweet mentions SafeLine WAF and asks if it can be bypassed using an unspecified method. SafeLine WAF is a web application firewall designed to pr ...July 3, 2025
This tweet shares a WAF bypass technique as part 1 of a series. The exact vendor of the Web Application Firewall (WAF) is not mentioned, nor is the sp ...July 3, 2025
The tweet describes an upgrade to an automation toolkit developed in Python that integrates several security testing capabilities, including passive a ...July 3, 2025
This tweet mentions several cybersecurity techniques and vulnerabilities including 2FA bypass tips, JavaScript analysis methods, XSS leading to cookie ...July 2, 2025
This bypass technique involves hiding Cross-Site Scripting (XSS) payloads inside SVG or MathML elements in an HTML document. Custom XSS sanitizers and ...July 2, 2025
This tweet reveals a bypass technique for the Cloudflare Web Application Firewall (WAF) targeting cross-site scripting (XSS) protection. Typically, a ...July 1, 2025
This tweet shares a resource called 'WAF Bypass Arsenal,' which is a cheatsheet that uses full-width Unicode symbols to bypass Web Applicati ...June 30, 2025
This tweet highlights several security issues related to web application firewalls (WAFs), focusing on a hardcoded, self-made WAF that uses well-known ...June 30, 2025
This tweet shares some clever tricks to bypass Web Application Firewalls (WAFs) that block the usage of the JavaScript `alert` function, commonly used ...June 30, 2025
This tweet demonstrates a Web Application Firewall (WAF) bypass technique using JavaScript concatenation to evade filtering and successfully execute C ...June 29, 2025
This tweet talks about #KNOXSS, which is a tool that provides several cross-site scripting (XSS) bypass techniques specifically designed for various m ...June 29, 2025