undefined | Better HN

0 pointssamwillis4y ago0 comments

> How is this obvious?

By using a WAF you are explicitly blocking many standard hacking attempts such as SQLi. At least it seems obvious to me to take the precaution of having one, you can never trust that your code or the library’s you use don’t have security holes.

By using a hosted or managed WAF it means when there is a new venerability found (such as Log4Shel) the service updates the rules and you have a level of mitigation before even patching your system or even being aware of it.

0 comments

richardwhiuk4y ago

Most WAF attempts to block this failed - there's plenty of twitter posts doing things like ${${j}${n}i: to bypass WAF rules.

j / k navigate · click thread line to collapse

0 pointssamwillis4y ago0 comments

> How is this obvious?

0 comments

richardwhiuk4y ago

Most WAF attempts to block this failed - there's plenty of twitter posts doing things like ${${j}${n}i: to bypass WAF rules.

j / k navigate · click thread line to collapse