CENSUS participated in the "Security B-Sides 2017 Athens" conference with a presentation by Ioannis Stais on the automated discovery of expressions that bypass Web Application Firewalls and Filters, using learning automata. The presentation was entitled "LightBulb Framework: Shedding Light on the Dark Side of WAFs and Filters" and followed Stais' and Argyros' previous research on the subject (see the BlackHat Europe 2016 presentation). The Security B-Sides presentation introduced an extension for the Burp Suite web proxy application that makes it easier to integrate the expression discovery technique into the standard toolbox of web application penetration testers.
Usage examples of the LightBulb open source tool, slides from the presentation and other related material will be published in a separate blog post.
CENSUS would like to thank the organizers of Security B-Sides Athens 2017 for a great event. We hope to see everyone again next year!