Web application firewall (WAF) is the first line of defense and a necessary part of cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber attacks. However, unfortunately, this technique is no silver bullet against determined attackers. Once it’s known that there is a protection layer enabled, malicious actors find ways to bypass it. The same attacking payload, blocked by WAF, can be disguised to make it ‘invisible’ to the pattern matching mechanism.
Source: https://thehackernews.com/2020/08/apptrana-managed-cloud-waf.html