WAF Bypass Results

This year, the visitors of the Positive Hack Days Forum could have a shot at bypassing the PT Application Firewall in the contest called WAF Bypass. It was a good opportunity for us to test our product in action, because the forum gathered the best information security experts.

Each contest task represented a script with a typical vulnerability. The participants were invited to use these vulnerabilities to get flags. All tasks were solvable, though some solutions were not obvious. The contestants were provided with the report about scanning the tasks' source code with another Positive Technologies product Application Inspector.

The winner was a Moscow State University team consisting of Georgiy Noseevich, Andrey Petukhov, and Alexander Razdobarov. They managed to solve all the tasks! Ivan Novikov (d0znpp) took the second place and Tom Van Goethem, a speaker from Belgium, was the third. All the three medal places were awarded with valuable prizes: Apple iPad Air, Sony Xperia Z2, and an annual license for Burp Suite Pro, respectively.

Find more about the tasks, WAF bypassing, and the obtained experience in our blog.