BlackHat USA is coming up soon, and one of the presenters will be Ivan Ristic with Qualys, who will be discussing his research that shows how organizations that rely on Web Application Firewalls (WAFs) may be operating with a false sense of security. The presentation will demonstrate 150 ways savvy attackers can bypass the WAF's defenses to exploit vulnerabilities in a web server. Ristic should know, since he has been developing WAFs for over ten years.
If you'll be at BlackHat in Las Vegas at the end of the month, be sure and catch his talk. If not, check out this article over at darkreading.com: