Google WAF bypassed via oversized POST requests


UPDATED Due to security flaws in Google’s default web application firewall (WAF), it is easy to circumvent the company’s cloud-based protections.

Researchers from security firm Kloudle discovered that by sending a POST request larger than 8KB, they were able to circumvent both Google Cloud Platform (GCP) and Amazon Web Services (AWS) web app firewalls.
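An origin-side check for the condition described above, as an added example that is not from Kloudle or the article: a Python WSGI middleware that refuses request bodies above the reported 8KB threshold, so the application does not process a body that got past the firewall. The names BodySizeGuard, demo_app and send, and the strict handling of missing or malformed lengths, are assumptions made for illustration.

```python
import io

WAF_BODY_LIMIT = 8 * 1024  # the 8KB threshold reported in the article


class BodySizeGuard:
    """WSGI middleware for the origin: refuse bodies above the reported WAF threshold."""

    def __init__(self, app, limit=WAF_BODY_LIMIT):
        self.app, self.limit = app, limit

    def __call__(self, environ, start_response):
        if environ.get("REQUEST_METHOD", "").upper() in ("POST", "PUT", "PATCH"):
            status = self._check(environ)
            if status:
                start_response(status, [("Content-Type", "text/plain"),
                                        ("Content-Length", "0")])
                return [b""]
        return self.app(environ, start_response)

    def _check(self, environ):
        raw = environ.get("CONTENT_LENGTH") or ""
        if not raw:
            return "411 Length Required"  # undeclared size (e.g. chunked) cannot be bounded up front
        if not (raw.isascii() and raw.isdigit()):
            return "400 Bad Request"      # negative or malformed length
        size = int(raw)
        if size > self.limit:
            return "413 Payload Too Large"
        # Hand the app exactly the declared bytes so it cannot read past the checked size.
        environ["wsgi.input"] = io.BytesIO(environ["wsgi.input"].read(size))
        return None


def demo_app(environ, start_response):
    """Hypothetical application: reports how many body bytes it received."""
    data = environ["wsgi.input"].read()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [str(len(data)).encode()]


def send(method, body, declared=None):
    """Drive the guarded app with a constructed request; return (status, response body)."""
    environ = {"REQUEST_METHOD": method, "wsgi.input": io.BytesIO(body)}
    if declared is not None:
        environ["CONTENT_LENGTH"] = declared
    seen = {}
    chunks = BodySizeGuard(demo_app)(environ, lambda s, h: seen.update(status=s))
    return seen["status"], b"".join(chunks)
```

Endpoints that legitimately accept larger bodies, such as file uploads, need their own input validation rather than this blanket limit.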

