How to Bypass WAF - Indian Cyber Security Solutions

To Bypass WAF one needs to know how it is done. Web application firewalls are designed to protect web applications from known attacks, by intercepting requests sent by clients and enforcing strict rules about their formatting and payload.

Some tricks to bypass web application firewall (WAF).

SQL injection UNION attack:

When an application is vulnerable to SQL injection and the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database.

The UNION keyword lets you execute one or more additional SELECT queries

Actual query

http://xyz.com/detail.php?id=44 UNION SELECT 1,2,3,4,5--

Query to bypass the WAF:http://xyz.com/detail.php?id=-1 uniOn SeLeCt 1,2,3,4,5--

Bypassing WAF using XSS Filters

Cross-site scripting (also known as XSS) that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

Example: "><script>alert(document.domain)</script>>

%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">

</iframe>

Our Cyber Security Services

Cyber Security is extremely important for every organisation and that we understand that data theft avoided is better than data theft done. Thus we also provide cyber security services to various MNCs across India. Our team is professional in providing Web Application Penetration Testing, Network Penetration Testing, Mobile Application Penetration Testing to clients.

We this, we have been acknowledged as the top 20 most Cyber Security Trusted Brands for 2021 by The Global Hues. We stand by to our commitment in providing the right cyber security training to students. We have provided services to clients like Madhya Pradesh Gramin Bank, Odisha State Pollution Control Board, HDFC Life Insurance Corporation, Qatar Development Bank and many more.

Why Choose Indian Cyber Security Solutions (ICSS) ?

Indian cyber security Solutions is one of best institute of India among other institute in India. ICSS offer as CEHv11 Courses in India as well as kali Linux. ICSS has won as many award for giving the online training as well as offline training. Its way of giving the training is unique which is easily adapted by the student as well as the professional. Due to way how ICSS trained the student it has got as many award some of award are Tech Brand of 2020,Ten most trusting cyber security certification provider 2021 and many more.

Among the many Ethical Hacking course in India, Indian Cyber Security Solutions would be the right for you to join. We have the right set of practical lab classes set up for students to learn as well as industry grade trainers who would conduct the classes and impart the right set of Cyber Security Knowledge to students. Our efforts have been acknowledged by various reputed administrative institutes, such as "Top Ten Training Institutes in India in 2020” by Silicon India; as well as Ten Most Trusted Training & Cyber Security Certifications Provider, 2021 by The Knowledge Review.

As an Education Institute, we are also cyber security service provider to corporate organization. Services like VAPT, Web Penetration Testing, Network Penetration Testing, Mobile Application Penetration Testing to corporate organization like IRCTC, HDFC, Cambridge Technologies, and many more. With this, Indian Cyber Security Solutions have been acknowledged as the 20 Tech Brands of 2021. by Business Connect India.