A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
May 13, 2022 By Robert Lemos
BLACK HAT ASIA 2022 — A team of university researchers used basic machine learning to identify patterns that common Web application firewalls (WAFs) fail to detect as malicious, but which can still deliver an attacker's payload, one of the researchers said in a presentation at the Black Hat Asia security conference in Singapore on Thursday.
The researchers from Zhejiang University in China started with common ways of transforming injection attacks to target Web-application databases using the common Structured Query Language (SQL). Rather than using a brute-force search of potential bypasses, the team created a tool, AutoSpear, that uses a pool of potential bypasses that can be combined using a weighted mutation strategy and then tested to determine the effectiveness of the bypasses at evading the security of WAF-as-a-service offerings.