Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task.
by George Argyros, Ioannis Stais
Full Abstract: https://www.blackhat.com/eu-16/briefings/schedule/#another-brick-off-the-wall-deconstructing-web-application-firewalls-using-automata-learning-4939