Defeating Web Application Firewall

Welcome to Defeating Web Application Firewall course

In this Course we are going to see how to bypass the web application firewall in in four stages easy , medium , hard ,and extremely hard.

This course will teach you:

This course is going to cover bypassing the web application firewall from A to Z.

We are going to start explaining how the WAF works , how to identify the filter and how to bypass it.We are going to see how to bypass the WAF filter using encoding, manipulating,double-encoding,alternative methods,alternative functions ...etc

You will Need:

You will need a knowledge in web application hacking and pentesting

We really courge you to joing the web application hacking course which explains for you in steps how to find the vulnerabilities inside scripts and in real world and how to exploit them.

you are not going to need any other thing because this course is provided with online lab, exercises and materials and if anything is missing you can contact us immediately

You can practice at the same time you watch the video using the course lab.

Course Modules:

This course consists of 4 modules:

Short Summery

In the first module: you are going to introduced to WAF , how they work , how to identify the WAF filter,and how to bypass an easy filter.

In the second module: you are going to see how bypass a medium filter by manipulating the chars

In the third module: you are going to see how to how to bypass hard filter using double encoding ,alternative methods, and alternative tags.

In the fourth module: you are going to see how to bypass the filter when there is no url encoding , double encoding,or any manipulating working with SQLi and you are going to see how to bypass the filter inside XSS when using alternative methods , and encoding and how to bypass the filter with file inclusion when you can read any file with the normal ways and how to execute a php codes.

Course syllabus:

  • Easy Filter
    • SQL Injection:
      • union select filter bypass

  • Medium Filter
    • SQL Injection:
      • UNION OR SELECT filter
      • UNION OR SELECT OR Logic operators (or ,and)filter
      • UNION OR SELECT OR Logic operators White spaces filter
      • Authentication filter
    • XSS:
      • Str_replace filter
      • Script tag is not allowed
    • File Inclusion:
      • File restrictions filter
      • http https filter

  • Hard Filter
    • SQL Injection:
      • UNION OR SELECT Harder filter
      • NO Logic operators (or ,and) are allowed
      • NO Logic operators and comments are not allowed
      • NO Logic operators ,White spaces ,and Comments are not allowed
      • Authentication bypass while no quotes and Logic Operators are allowed
    • XSS:
      • Script tag and svg tag totally blocked
      • No white spaces between attributes are allowed
    • File Inclusion:
      • Double dot filter
      • More http https filter

  • extremely Hard Filter
    • SQL Injection:
      • white spaces and comments totally blocked
      • white spaces ,Logic operators and Comments totally blocked
      • Filtering every thing
    • XSS:
      • No white spaces between attributes and quotes are allowed
      • The most html tag are filtered
      • Attributes filter
      • Javascript functions filter
    • File Inclusion:
      • No etc/passwd,double dot and http https are totally blocked

Course Contents

Exercises Access

Lab Access

Materials Access

Course Certificate

Price: 250$

Purchase