The WAF Deception: 70% of Firewalls Bypassed by HTTP Parameter Pollution and JS Injection

A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...