This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

BeNeLux09 - Web Application Firewalls: Detection, Bypassing and Exploitation

Jump to: navigation, search

The presentation

WAFs or Web Application Firewalls are being deployed to fix security issues in your web applications. The question is, are they?

In this presentation we take a look at some of the issues related to making use of this solution and how it may affect the overall security posture of your web application. Finally we will describe tools to automate detection of WAFs, and also tools to help identify ways to bypass WAFs.

The speaker

Sandro Gauci is the owner and Founder of EnableSecurity where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes.