Bypassing WAFs Using Oversized Requests
Summary
This article from Black Hills Information Security discusses a method for bypassing Web Application Firewalls (WAFs). It explains that many WAFs have size limits for requests, and sending oversized requests with extra data can evade detection and allow payloads to pass through.
IFF Assessment
FOE
This article describes a technique that can be used to circumvent security measures like WAFs, which is bad news for defenders.
Defender Context
Defenders need to be aware of techniques that can bypass WAFs, such as oversized requests. The technique underlines the importance of configuring WAFs with strict size limits and potentially implementing additional layers of security to detect and block such evasive traffic.
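
One way to check for this traffic, as an added example that is not from the original article: the script audits WAF logs for body-carrying requests that were allowed even though their body was larger than the WAF's inspection limit, or of unknown size. The JSON log schema, the field names and the 8192-byte limit are assumptions; substitute your WAF's documented limit and log format.

```python
import json
from collections import defaultdict

# Assumption: replace with the body-inspection limit documented for your WAF.
INSPECTION_LIMIT = 8192

# Constructed sample log lines (hypothetical JSON schema, not a real product's format).
SAMPLE_LOG = """\
{"client": "198.51.100.7", "method": "POST", "path": "/login", "body_bytes": 412, "action": "allow"}
{"client": "198.51.100.7", "method": "POST", "path": "/search", "body_bytes": 9300, "action": "allow"}
{"client": "203.0.113.20", "method": "POST", "path": "/upload", "body_bytes": 52000, "action": "block"}
{"client": "198.51.100.7", "method": "POST", "path": "/search", "body_bytes": null, "action": "allow"}
not-json garbage line
{"client": "203.0.113.9", "method": "PUT", "path": "/api/item", "body_bytes": 8192, "action": "allow"}
"""

def audit(log_text, limit=INSPECTION_LIMIT):
    """Return {client: [(path, reason), ...]} for allowed requests whose
    body cannot be shown to have been fully inspected."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed or empty lines
        if not isinstance(rec, dict) or rec.get("action") != "allow":
            continue  # blocked requests never reached the application
        if rec.get("method") not in ("POST", "PUT", "PATCH"):
            continue  # only methods that normally carry a body
        size = rec.get("body_bytes")
        if not isinstance(size, int):
            # No usable length was logged, so full inspection is unproven.
            reason = "unknown size"
        elif size > limit:
            reason = f"{size} bytes > limit {limit}"
        else:
            continue  # body fits inside the inspected window
        findings[rec.get("client", "?")].append((rec.get("path", "?"), reason))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in audit(SAMPLE_LOG).items():
        print(client, hits)
```

Any finding means the request reached the application with part of its body uninspected, which is the condition a strict size limit that rejects oversized bodies is meant to remove.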