O'Reilly logo

Building Virtual Pentesting Labs for Advanced Penetration Testing by Kevin Cardwell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Penetrating web application firewalls

As we have discussed previously, it can be a challenge to evade detection, and this is on these same lines as it will depend on how the administrator has configured the policy. There are excellent references on the Internet you can use to see whether your obfuscation technique will work. The free and open source WAF ModSecurity provides a site where you can test the string to see if it might be detected by a WAF. You will find the site at this location http://www.modsecurity.org/demo.

Once the site has opened, you will see that there is an area to post different strings and see the results. Before you do this, you will also see that they have a list of websites that many of the commercial vendors use to demonstrate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required