Configuration: WAF Bypass
Identifier: waf_bypass
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
A WAF bypass happens when attackers find ways to slip malicious traffic past web application firewalls, exploiting weak or misconfigured rules that fail to catch cleverly disguised attacks.
How we test: We attempt to bypass WAF protections by using various evasion techniques such as encoding, obfuscation, and alternative request formats. We analyze responses to detect if malicious payloads can bypass WAF filtering and reach the application server.
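The rule weakness described above, seen from the defender's side, as an added example that is not the scanner's own code: a signature matched against the raw request value misses the same value once it is encoded, while matching after canonicalization does not. The rule, the sample values, the function names and the decode bound are all constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed signature, standing in for a single WAF rule.
RULE = re.compile(r"<script\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested encoding layers

# Constructed sample parameter values (label -> raw value as received).
SAMPLES = {
    "plain": "<script>",
    "url_encoded": "%3Cscript%3E",
    "double_url_encoded": "%253Cscript%253E",
    "html_entities": "&lt;script&gt;",
    "mixed_case_encoded": "%3CScRiPt%3E",
    "benign": "notes+on+script+loading",
}

def naive_match(value: str) -> bool:
    """Weak configuration: the rule only ever sees the raw value."""
    return bool(RULE.search(value))

def canonicalize(value: str) -> str:
    """Peel URL and HTML-entity encoding until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("more encoding layers than MAX_DECODE_ROUNDS")

def hardened_match(value: str) -> bool:
    """Corrected configuration: match the canonical form, fail closed."""
    try:
        return bool(RULE.search(canonicalize(value)))
    except ValueError:
        return True  # input that never settles is blocked, not passed through

def evaluate() -> dict:
    """Return {label: (naive verdict, hardened verdict)} for every sample."""
    return {k: (naive_match(v), hardened_match(v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, (naive, hardened) in evaluate().items():
        print(f"{label:20} naive={naive!s:5} hardened={hardened}")
```

The fail-closed branch matters as much as the decoding: a normalizer that gives up after N rounds and passes the value through leaves the same gap one layer deeper.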
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.