- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 31 Jul 2012 19:36:55 +0200
- To: ietf-http-wg@w3.org

Hi,

Ivan Ristic recently presented a wide collection of methods to bypass web application firewalls using implementation differences in HTTP stacks:

https://community.qualys.com/blogs/securitylabs/2012/07/25/protocol-level-evasion-of-web-application-firewalls

While some of them have already been discussed to great extents, including here, I think it's worth a read and reminds us that we really need to address the ambiguities of request encoding if we want to make the web safer.

Regards,
Willy

Received on Tuesday, 31 July 2012 17:37:21 UTC