August 2018
Intermediate to advanced
404 pages
10h 22m
English
In this recipe, we saw how having multiple instances of the same parameter in one single request can affect the way the application processes it. The way this situation is handled depends on the web server processing the request; here are some examples:
This lack of a standardized behavior can be used in specific situations to bypass protection mechanisms such as Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS). Imagine an enterprise scenario that is not rare, a Tomcat-based application running on an IBM server being protected by an Apache-based WAF; ...
Read now
Unlock full access