Ep. 17 - NoSQL Injection: WAF Evasion Fundamentals

How do attackers circumvent WAF rules?

Talk Scope

  1. Exercise: Evaluate WAF attack vectors by looking at a Modsecurity WAF Rule
  2. Exercise: Deduce backend logic through URL structure to bypass potential WAF rules and dump all documents within a MongoDb collection
  3. Extension of NoSqi Series

Course Curriculum

  First Section
Available in days
days after you enroll

Get started now!

Your Instructor

Zach Roof
Zach Roof

I started my tech tutorial journey when I was bedridden for 6 months because I couldn't get healthcare insurance. While I might of been in extreme physical pain, I persisted because the instructors that I watched during that time filled me with immense joy. Towards the end of that experience, I vowed that once I gained the appropriate expertise, I'd provide quality tutorial content to the greater tech community.

In the years after my disability, I've held positions as a Frontend Developer, Backend Developer, Application Security Engineer and a DevOps/Security Engineer. My professional path has ranged from large corporate settings to an intimate blockchain startup.

Now, the next progression in my journey is to take all of my experience and provide quality security tutorials to the greater tech community.